Joe Morris (NTM) wrote: > On 01/17/2008 11:22 PM, M. Todd Smith wrote: >> On Jan 17, 2008, at 10:08 AM, Kain, Becki (B.) wrote: >>> I can't find a good write up of the options of PermitRootLogin - yes, >>> no, without-passwd, etc... Can someone point me in the right >>> directoin> >> >> from 'man sshd_config' >> >> PermitRootLogin >> Specifies whether root can log in using ssh(1). The >> argument must be ``yes'', ``without-password'', >> ``forced-commands-only'', or ``no''. >> <snip> >> >> If this option is set to ``no'', root is not allowed to >> log in. > Just for clarity, this means root cannot directly log in via ssh (best > for security). After logging in via ssh, you can as a user su to root > to do any kind of admin work. Root is not prevented from working via > ssh if set to no, just not allowed to log in directly. > To follow up on this, what would be involved for an automated process to log in as root in this manner? I understand doing this manually, like any shell on the machine, but does there exist any automated login scripts that try to get user, then root, or is this considered too many steps to be practical from a crackers standpoint?
Also, if you set the SSH login to accept only a key (with or without passphrase), is it considered "secure" to allow direct root logins (or rather authentications) using a key only? TIA, Jim F -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
