On Friday, 15.12.2006 at 15:55 +0800, Tim Post wrote: > Leaving root enabled via SSH, you're doing half of the hacker's work > for them.
A half-way house option is to only allow root logins via public/private key, rather than via password. To do this, put PermitRootLogin without-password into sshd_config. This stops any direct password attacks. It is less secure than disabling access to the root account completely, but offers a great deal of convenience that can sometimes be useful. Dave. -- Please don't CC me on list messages! ... Dave Ewart - [EMAIL PROTECTED] - jabber: [EMAIL PROTECTED] All email from me is now digitally signed, key from http://www.sungate.co.uk/ Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
signature.asc
Description: Digital signature
