On 11/10/05, Oliver Fromme <[EMAIL PROTECTED]> wrote:
> Well, I vote for /sbin/nologin as root's login shell.
>
> In single-user mode, the system asks for the shell, with
> /bin/sh being the default. In multi-user mode, nobody
> should ever log in as root. You rather log in as normal
> user and then use "su -m", or use sudo(8) or super(1) or
> whatever.

It's awkward to have to reboot a machine just to log in to it from a console. Let's say you're colocated and utilize a "remote hands" service, or you make a mistake with your firewall.

You're better off disabling root logins in sshd_config, so no one can use root from remote. Then you can leave a password on the root account and still have console access.

I just leave root logins enabled and use ssh keys. Leaves a very nice, easy to follow, one-line-per-login "paper trail" of who logged in as root from where and when.

But it all comes down to preference, since all options for root access (su, ssh keys, sudo, etc) all carry risk.

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
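
The one-line-per-login trail mentioned in the reply above can be pulled out of sshd's log, shown here as an added example that is not part of the original post. It assumes the "Accepted ... for ... from ... port ... ssh2" line format written by current OpenSSH (with the key fingerprint appended); the log lines, addresses and fingerprints are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the format a current OpenSSH sshd writes to
# the auth log (assumption); fingerprints are placeholders, not real keys.
SAMPLE_AUTH_LOG = """\
Nov 10 09:14:02 host1 sshd[4021]: Accepted publickey for root from 192.0.2.10 port 51234 ssh2: ED25519 SHA256:EXAMPLEKEYA
Nov 10 09:20:45 host1 sshd[4077]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Nov 10 11:02:17 host1 sshd[4310]: Failed password for root from 203.0.113.5 port 33811 ssh2
Nov 10 13:37:50 host1 sshd[4522]: Accepted password for root from 203.0.113.5 port 33902 ssh2
Nov 10 15:01:09 host1 sshd[4790]: Accepted publickey for root from 192.0.2.44 port 60211 ssh2: RSA SHA256:EXAMPLEKEYB
"""

# One successful login per line: when, auth method, user, source address,
# and (for key logins) the key type and fingerprint that identify "who".
ACCEPTED = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\s"
    r"from\s(?P<src>\S+)\sport\s\d+\sssh2"
    r"(?::\s(?P<keytype>\S+)\s(?P<fingerprint>\S+))?"
)


def root_logins(log_text):
    """Return one record per successful root login found in log_text."""
    records = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if m and m.group("user") == "root":
            records.append(m.groupdict())
    return records


def non_key_root_logins(records):
    """Root logins that did not use a key, so the line cannot say which
    person it was; with root logins restricted to keys this stays empty."""
    return [r for r in records if r["method"] != "publickey"]


if __name__ == "__main__":
    found = root_logins(SAMPLE_AUTH_LOG)
    for r in found:
        print(r["when"], r["src"], r["method"], r["fingerprint"] or "-")
    for r in non_key_root_logins(found):
        print("review: root login without a key from", r["src"])
```

Mapping each fingerprint back to a person requires keeping a record of whose key each entry in root's authorized_keys is.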