To: Tim Chase Copy: python-list@python.org (python-list@python.org) On Tue, Dec 9, 2014 at 6:50 AM, Tim Chase <python.l...@tim.thechases.com> wrote: > Just for the record, you can enable root logins but disallow password > logins, so root has to be done with a public/private key-pair. > > That said, I do as you describe and still SSH to my ssh-user account, > then "su" to root as needed from there. But at least there's a > middle ground that isn't as vulnerable as putting a root account out > there to be banged on by any script-o-matic bot that finds it.
I've done both of these. Most of my boxes don't have passwords on the root account AND don't allow SSH to root, relying on a sudo-enabled account usually; and it's perfectly possible to also deny password access to *any* account via SSH. Quite good for security... though it can create an awkward bootstrap problem if you lose all private keys that had access. ChrisA --- SoupGate-Win32 v1.05 * Origin: <SpaceSST.BBS.Fidonet<>nntp.gatew...@.piz.noip.me> (1:249/999) --- Synchronet 3.15b-Win32 NewsLink 1.92 SpaceSST BBS Usenet <> Fidonet Gateway -- https://mail.python.org/mailman/listinfo/python-list