On Tue, 10 Aug 2004 23:02, Mark Bucciarelli <[EMAIL PROTECTED]> wrote:
> On Tuesday 10 August 2004 10:52, Dale E Martin wrote:
> > Anyways, I would like to disable password logins for root on several of
> > my boxes but allow root to come in from known IPs and with known ssh
> > keys. Is there a way to disable password logins for root in sshd_config
> > or root/.ssh/config, while leaving password logins intact for regular
> > users?
>
> Would it work to disable all ssh password logins and only allow logins with
> the proper private key?
>
> I find this most secure--no more worries about password cracks (I just have
> to worry about the physical security of the USB key on my keychain).

Also the security of the machine that you use to ssh to other machines. If the machine can be compromised then the ssh private key can be stolen from the USB device by a trojaned ssh client.

Systems like Opie deal with this by having a calculation to generate the new one-time password which can be performed on another machine. Run that calculation on a PDA and things are a lot more difficult for an attacker.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
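
The separate-device calculation mentioned in the reply, as an added example that is not part of the original message: a simplified Lamport hash chain of the kind S/Key and OPIE build on, using SHA-256 instead of OPIE's own encoding. The class and function names, seed and pass phrase are constructed for illustration.

```python
import hashlib
import hmac


def chain(secret: bytes, seed: bytes, count: int) -> bytes:
    """Hash seed||secret once, then re-hash the result `count` more times."""
    value = hashlib.sha256(seed + secret).digest()
    for _ in range(count):
        value = hashlib.sha256(value).digest()
    return value


class Server:
    """Stores only the last accepted chain value, never the secret."""

    def __init__(self, seed: bytes, initial: bytes, count: int):
        self.seed, self.stored, self.count = seed, initial, count

    def challenge(self):
        # Sequence number and seed the user feeds to the offline calculator.
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.count <= 0:
            return False  # chain used up; the user must enrol again
        hashed = hashlib.sha256(response).digest()
        if not hmac.compare_digest(hashed, self.stored):
            return False
        # Accept, then move one step down the chain so the value cannot be reused.
        self.stored, self.count = response, self.count - 1
        return True


def demo():
    secret = b"constructed pass phrase"  # lives only on the trusted device (the PDA)
    seed = b"ke1234"                     # constructed sample seed
    server = Server(seed, chain(secret, seed, 5), 5)

    n, s = server.challenge()
    otp = chain(secret, s, n)            # computed away from the login machine
    first = server.verify(otp)           # typed into the possibly trojaned client
    replay = server.verify(otp)          # a captured value replayed later

    n, s = server.challenge()
    second = server.verify(chain(secret, s, n))
    return first, replay, second


if __name__ == "__main__":
    print(demo())
```

A compromised client sees only the value typed for that one login; producing the next one requires inverting the hash or knowing the secret, which never leaves the other device.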