One point that still hasn't been raised in this thread (I think). This applies
mostly to interactive logins, and to a much lesser degree to the use of ssh
keyfiles.
Having allowrootlogin on a box that's connected to the net gives away one of 2
things needed for a successful login: a username. Since the root user on most boxes
is also called root, this gives any attacker a foothold on your system. He then
only needs to find the correct pass{word,key}. Else he would need to find a
username (and not every user has root privileges of course) first, which adds an
extra step in gaining unauthorized access.
I personally find it best not to give anyone the root password. Everything root
does can also be done with a sudo -s, which gives a root shell.
// nick
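
An added example, not part of the original post: a small audit of sshd_config text that reports whether root can log in by password, by key only, or not at all, which is the interactive-versus-keyfile distinction the message draws. It assumes the setting meant above is OpenSSH's `PermitRootLogin`, that the default is `prohibit-password` (OpenSSH 7.0 and later), and it does not follow `Include` files; the sample config is constructed.

```python
# Added example: audits PermitRootLogin in sshd_config text (constructed sample below).
DEFAULT = "prohibit-password"  # assumed OpenSSH default when the keyword is absent
KEY_ONLY = ("prohibit-password", "without-password", "forced-commands-only")

SAMPLE_CONFIG = """\
# constructed sample, not from a real host
Port 22
PermitRootLogin prohibit-password
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

def parse_root_login(config_text):
    """Return (global value, values set inside Match blocks)."""
    global_value, match_values, in_match = None, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts "Keyword value" and "Keyword=value"
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            in_match = True         # global scope ends at the first Match line
            continue
        if keyword != "permitrootlogin" or len(parts) < 2:
            continue
        if in_match:
            match_values.append(parts[1])
        elif global_value is None:  # sshd keeps the first value it reads
            global_value = parts[1]
    return (global_value or DEFAULT), match_values

def root_exposure(config_text):
    """Classify the widest root access any part of the config grants."""
    value, overrides = parse_root_login(config_text)
    values = [value] + overrides
    if "yes" in values:
        return "password-and-key"   # username is known, only the secret is left
    if any(v in KEY_ONLY for v in values):
        return "key-only"
    return "none"

if __name__ == "__main__":
    print(parse_root_login(SAMPLE_CONFIG), root_exposure(SAMPLE_CONFIG))
```

The second global `PermitRootLogin yes` in the sample is ignored because the first value wins, but the `Match` block still re-enables password logins for root from the matched addresses.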