> key for another machine might be on the current machine? If so, isn't that
> just bad password management?
No, what I am referring to is passwordless entry via the use of ssh keys.
If someone has a root key lying around, and it's installed on another
remote client, the root user can log in without supplying a password.
The key was pregenerated based on a paraphrase and local machine id (and
whatever crypt you use).
Some consider this poor password management, but is it? This stops
keystrokes of passwords over the LAN.
>
> At 12:19 PM -0400 9/25/01, [EMAIL PROTECTED] wrote:
> >Because, if a hacker gets on one box that has a root key to another
> >machine, it's all over.
> >
> >On Tue, 25 Sep 2001, Edward Lewis wrote:
> >
> >> I have been asked about the rationale behind restricting direct root logins
> >> via SSH. (There is a sshd configuration option on this.) Is there a
> >> document that lists the reason why this exists?
> >>
> >> In absence of that, if folks want to contribute technical reasons why one
> >> should restrict root logins, I would appreciate input. Since this might
> >> be a topic in which feelings run deep, off-list is probably better and I'll
> >> summarize.
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis NAI Labs
> Phone: +1 443-259-2352 Email: [EMAIL PROTECTED]
>
> You fly too often when ... the airport taxi is on speed-dial.
>
> Opinions expressed are property of my evil twin, not my employer.
>
>
>
--
Rory Savage, Senior Systems Administrator
Nando Media: www.nandomedia.com
email: [EMAIL PROTECTED]
919-836-5987 (Office)
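
The thread turns on the sshd option that restricts direct root logins and on root keys that log in without a password. As an added example (not part of any message in the thread), the sketch below reads sshd_config text and reports which scopes would still accept a root key. It assumes the option is OpenSSH's `PermitRootLogin`, that the first value obtained for a keyword wins, and that an unset option falls back to the current OpenSSH default; the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample sshd_config, embedded so the example runs offline.
SAMPLE_CONFIG = """\
# constructed sample
Port 22
#PermitRootLogin yes
PermitRootLogin without-password
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

ALIASES = {"without-password": "prohibit-password"}  # deprecated spelling
# Values under which a root key held on another machine still logs in as root.
KEY_LOGIN_VALUES = {"yes", "prohibit-password", "forced-commands-only"}


def effective_root_login(text, default="prohibit-password"):
    """Return {scope: value}; scope is "global" or the Match criteria.

    `default` is an assumption: current OpenSSH uses prohibit-password
    when the option is unset, older releases used yes.
    """
    result = {}
    scope = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no setting
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            scope = "Match " + arg  # following lines apply to this block only
        elif keyword == "permitrootlogin" and scope not in result:
            value = arg.strip('"').lower()
            result[scope] = ALIASES.get(value, value)  # first value wins
    result.setdefault("global", default)
    return result


def scopes_allowing_root_key(text, default="prohibit-password"):
    """List the scopes in which key-based root login is still accepted."""
    settings = effective_root_login(text, default)
    return sorted(s for s, v in settings.items() if v in KEY_LOGIN_VALUES)


if __name__ == "__main__":
    print(effective_root_login(SAMPLE_CONFIG))
    print(scopes_allowing_root_key(SAMPLE_CONFIG))
```

In the sample, the later `PermitRootLogin no` never takes effect because the earlier line already set the value, so key-based root login stays open globally as well as in the Match block.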