Just a friendly Jedi Knight wrote:

On Fri, Jul 06, 2001 at 01:19:24PM +0300, Juha Jäykkä wrote:

 I distrust allowing root logins from anywhere but local console(s)
or non-modem gettys i.e. from anywhere over the not-owned-by-me cable.

 umm do You want to run in circles from one machine to another? ;o))
 if not then You need to remotely logon somehow, right?
 i think that ssh'ing into the machine and then su'ing to root is no
 different than ssh'ing directly as root into that machine...
 (well when You do a su You leave a trace in logs of that fact, while when You are
 directly ssh'ing in there is no info in logs on who actually logged on as
 root; there is some patch to <<at least partially>> fix the latter and it was
 mentioned on debian-devel i think)


Disable every direct root login altogether (suppress root's password) and add anyone who needs root access to your /etc/sudoers file (if necessary, apt-get install sudo, of course). Need a root shell? sudo bash, and you're using only your own password ...
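
A check for the setup described in the reply above, as an added example that is not part of the original message: it reads an sshd_config-style file and a shadow-format file and reports whether direct root login is closed off. Reading "suppress root's password" as a locked hash field is an assumption made here, as are the function names and the constructed sample files.

```shell
# Added example: audit copies of sshd_config and shadow for direct root login.
# Function names and sample data are hypothetical, not from the original post.

# Effective global PermitRootLogin: sshd keeps the first value it reads for a
# keyword, keywords are case-insensitive, and "Keyword=value" is accepted.
# Parsing stops at the first Match block, whose settings are conditional.
root_login_policy() {
    awk -F '[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# State of root's password field in a shadow-format file.
root_password_state() {
    awk -F: '
        $1 == "root" {
            if ($2 == "") print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else print "set"
            found = 1; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Succeeds only when sshd refuses root and root has no usable password.
direct_root_login_disabled() {
    [ "$(root_login_policy "$1")" = "no" ] &&
        [ "$(root_password_state "$2")" = "locked" ]
}

# Constructed sample input (not taken from a real host).
tmp=$(mktemp -d)
cat > "$tmp/sshd_config" <<'EOF'
# PermitRootLogin yes
Port 22
permitrootlogin no
PermitRootLogin yes
EOF
printf '%s\n' 'root:!:11509:0:99999:7:::' > "$tmp/shadow"

echo "sshd: $(root_login_policy "$tmp/sshd_config"), root password: $(root_password_state "$tmp/shadow")"
direct_root_login_disabled "$tmp/sshd_config" "$tmp/shadow" && echo "direct root login disabled"
```

Confirm that a working sudoers entry exists for at least one account before locking root's password, since the lock removes the su fallback as well.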

