Michael Johnson wrote:
It should not matter about a local root login, after all you do protect
your servers at the core routers, don't you?
Of course if you run it on a home cable/DSL connection that's a different
matter altogether, but even then I'd be surprised if you allowed ssh
access to just anyone.
I follow the rule that one should never log in directly as root. In this
case, you need at least one mortal local account as an initial login.
So long as your router ACLs are set up right, you won't have any issues,
a lot of servers require ssh access to do many things in scripts,
after all you have to restart a web server after you add a new host, sure
you can change the confs via secure NFS, but Apache for example isn't
good enough to know when its conf files change :)
Back end stuff (along with NFS) for example only runs on pvt address
space on a second interface, ssh listens on that interface only and not
the net ip, then we also have ILO on yet another pvt address space. It's