On Sun, 9 Mar 2003, Mikkel L. Ellertson wrote: > I preferrer to set root to "PermitRootLogin without-password" so you can > only log in with a valid key pair. As long as you have a good password > on the private key, it makes it hard for anyone to log in. They have to > get the private key, and crack the password... The only disadvantage is > that if they do manage to crack your machine, and get your private key, > the can crack the password on their machine, instead of over the > Internet. Not a real big problem for me, as the machines with the > private keys do not accept incomming Internet connections...
Another benefit: If your password for root gets horked for some reason, you can still ssh in and fix it without having to boot single user. Not that I've ever had to do that. *cough* Bill Carlson -- Systems Administrator [EMAIL PROTECTED] | Anything is possible, Virtual Hospital http://www.vh.org/ | given time and money. University of Iowa Hospitals and Clinics | Opinions are mine, not my employer's. | -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
