Nick Nauwelaerts wrote:
> 
> One point that still hasn't been raised in this thread (I think). This applies
> mostly to interactive logins, and to a much lesser degree to the use of ssh
> keyfiles.

another is that the option makes it pretty consistent with other daemons. e.g.
most systems won't allow root to ftp or telnet into the system without
specifically overriding the system config. others by default allow root to
telnet or ftp in but usually they also offer an ability to prevent this.

since these options probably existed long before ssh was even thought of (I've
only been using Unix since 1994, and SSH since ~1997), i don't think the
reasoning behind disallowing root via telnet or ftp or even XDM was because of
the lack of encryption. it's much faster to brute force a system if you only
have 1 level of authentication to gain system level access.

(sorry if this was raised but the posts that i've read so far did not mention
this)

i allow root to ssh in on some systems -- i backup data via rsync from them
and the only way to preserve user/group IDs that i know of is to run it
as root (i use the --numeric-ids option with rsync). it's not great, but it's a
helluva lot better than exporting NFS in my opinion.

nate

-- 
Nate Amsden
System Administrator
GraphOn
http://www.graphon.com
