Just a friendly Jedi Knight wrote:
> On Fri, Jul 06, 2001 at 01:19:24PM +0300, Juha Jäykkä wrote:
> > I distrust allowing root logins from anywhere but local console(s)
> > or non-modem gettys i.e. from anywhere over the not-owned-by-me cable.
>
> umm do You want to run in circles from one machine to another? ;o))
> if not then You need to remotely log on somehow, right?
> i think that ssh'ing into the machine and then su'ing to root is no
> different than ssh'ing directly as root into that machine...
> (well when You do a su You leave a trace in logs of that fact, while when You are
> directly ssh'ing in there is no info in logs on who actually logged on as
> root; there is some patch to <<at least partially>> fix the latter and it was
> mentioned on debian-devel i think)

Disable every direct root login altogether (suppress root's password)
and add anyone who needs root access to your /etc/sudoers file (if
necessary, apt-get install sudo, of course). Need a root shell? sudo
bash, and you're using only your own password ...
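
The audit-trail difference raised in this thread, as an added example that is not part of the original messages: a small Python classifier that separates root access tied to a named account (sudo, su) from direct root SSH logins. The log lines are constructed, and the syslog formats for sshd, sudo and su are assumptions that vary between versions and distributions.

```python
import re

# Constructed sample auth.log lines (host, users and addresses are made up).
SAMPLE_LOG = """\
Jul  6 13:20:01 host1 sshd[812]: Accepted password for root from 192.0.2.10 port 40022 ssh2
Jul  6 13:25:17 host1 sshd[840]: Accepted publickey for alice from 192.0.2.11 port 40100 ssh2
Jul  6 13:25:40 host1 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jul  6 13:31:02 host1 su[901]: (to root) bob on pts/2
Jul  6 13:40:55 host1 sshd[950]: Failed password for root from 192.0.2.99 port 51000 ssh2
"""

# Assumed line formats; adjust the patterns to what your syslog actually emits.
SSH_ROOT = re.compile(r"sshd\[\d+\]: (Accepted|Failed) \S+ for root from (\S+)")
SUDO = re.compile(r"sudo:\s+(\S+) : .*USER=root ; COMMAND=(.+)$")
SU = re.compile(r"su\[\d+\]: \(to root\) (\S+) on (\S+)")


def classify(line):
    """Return (kind, actor, detail) for a root-access event, or None."""
    m = SSH_ROOT.search(line)
    if m:
        ok = m.group(1) == "Accepted"
        # The log knows the source address but not which person used root.
        return ("direct-root-ssh" if ok else "direct-root-ssh-failed", None, m.group(2))
    m = SUDO.search(line)
    if m:
        return ("sudo", m.group(1), m.group(2))  # actor is the invoking account
    m = SU.search(line)
    if m:
        return ("su", m.group(1), m.group(2))    # actor is the account that ran su
    return None


def root_events(log_text):
    """All root-access events found in the log text, in order."""
    return [e for e in map(classify, log_text.splitlines()) if e]


def unattributed(events):
    """Successful root sessions the log cannot tie to a named account."""
    return [e for e in events if e[0] == "direct-root-ssh"]


if __name__ == "__main__":
    for kind, actor, detail in root_events(SAMPLE_LOG):
        print(f"{kind:24} actor={actor or '?':8} {detail}")
```

With direct root login disabled as described above, `unattributed()` should stay empty, and any hit is worth investigating.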