On Jan 22, 2009, at 10:49 AM, Jack Woehr wrote:
The normal practice is the Unix world is to disallow ssh logins to root ... root users must log in under a user account and su or sudo to root.
I'd be leery of saying that is necessarily "normal practice." There's a lot of variation in the Unix world. For instance, a lot of machines I've seen don't do this precisely because there are no user accounts. Just system accounts used to run various services. Granted, in those cases, it would probably be better to add a support account everywhere, allow ssh to a support account and force support to sudo, but in this day and age, you really can't count on "user accounts" anymore, since almost all interaction with systems is via network-exposed services rather than an actual login shell. Adam ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
