>From my experience, even if I am root at one box, I still need to supply
the root password at the other box. (I don't mean to argue, but I am
trying to make sure I understand the point.) Are you saying that the root
key for another machine might be on the current machine? If so, isn't that
just bad password management?
At 12:19 PM -0400 9/25/01, [EMAIL PROTECTED] wrote:
>Because, if a hacker gets on one box that has a root key to another
>machine, it's all over.
>
>On Tue, 25 Sep 2001, Edward Lewis wrote:
>
>> I have been asked about the rationale behind restricting direct root logins
>> via SSH. (There is a sshd configuration option on this.) Is there a
>> document that lists the reason why this exists?
>>
>> In absence of that, if folks want to contribute technical reasons why one
>> should restrict root logins, I would appreaciate input. Since this might
>> be a topic in which feelings run deep, off-list is probably better and I'll
>> summarize.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis NAI Labs
Phone: +1 443-259-2352 Email: [EMAIL PROTECTED]
You fly too often when ... the airport taxi is on speed-dial.
Opinions expressed are property of my evil twin, not my employer.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
