David Corking wrote: >>You can also allow root ssh from localhost >>only, adding a tiny bit more security still by not su-ing but ssh-ing to >>root. >> >> > >Never thought of this -- good stuff. Will using ssh-agent instead of >typing ssh passphrase into the remote server hinder attackers ?? > > I don't think so - ssh-agent is useful on your actual workstation, when you have to do regular logins - it caches the passphrase without the need to save it in a file somewhere. As you probably won't be doing multiple root logins from a single ssh-session, the usefulness is almost zero.
> > -- Public GPG key at blackhole.pca.dfn.de .
msg08793/pgp00000.pgp
Description: PGP signature
