One of the most said reasons not to login as root is accountability.
If you have to login with another account and then su to root, then is
much easier to know who did anything with the root account.
At 01:02 PM 9/25/2001 -0400, Edward Lewis wrote:
> From my experience, even if I am root at one box, I still need to supply
>the root password at the other box. (I don't mean to argue, but I am
>trying to make sure I understand the point.) Are you saying that the root
>key for another machine might be on the current machine? If so, isn't that
>just bad password management?
>
>At 12:19 PM -0400 9/25/01, [EMAIL PROTECTED] wrote:
> >Because, if a hacker gets on one box that has a root key to another
> >machine, it's all over.
> >
> >On Tue, 25 Sep 2001, Edward Lewis wrote:
> >
> >> I have been asked about the rationale behind restricting direct root
> logins
> >> via SSH. (There is a sshd configuration option on this.) Is there a
> >> document that lists the reason why this exists?
> >>
> >> In absence of that, if folks want to contribute technical reasons why one
> >> should restrict root logins, I would appreaciate input. Since this might
> >> be a topic in which feelings run deep, off-list is probably better and
> I'll
> >> summarize.
>
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>Edward Lewis NAI Labs
>Phone: +1 443-259-2352 Email: [EMAIL PROTECTED]
>
>You fly too often when ... the airport taxi is on speed-dial.
>
>Opinions expressed are property of my evil twin, not my employer.
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
