Michael Johnson wrote:
I follow the rule that one should never log in directly as root. In this
case, you need at least one mortal local account as an initial login.

 - Michael

It should not matter about a local root login, after all you do protect your servers at the core routers dont you. Of course if you run it on a home cable/dsl connection thats a different matter altogether, but even then I'd be surprised if you allowed ssh access to just anyone.

So long as your router ACL's are setup right, you wont have any issues, a lot of servers require ssh access to do many things in scripts, afterall you have to restart a web server after you add a new host, sure you can change the cons via secure NFS, but apache for example isn't good enough to know when its conf files change :)

Back end stuff (along with NFS) for example only runs on pvt address space on a second interface, ssh listens on that interface only and not the net ip, then we also have ILO on yet another pvt address space. It's pretty safe.


Reply via email to