From: Stephen Liu
To: "HOLLOW, CHRISTOPHER"
cc: Nathan Kinkade
cc: freebsd-questions@freebsd.org
Date: Tue, 2 Mar 2004 20:43:45 +0800
Subject: Re: SSH Problem

On Tuesday 02 March 2004 01:27, HOLLOW, CHRISTOPHER wrote:
> > This arrangement is only to facilitate Administrator's job. He operates
> > outside contact as 'user' from there if necessary he can login as root
> > doing maintenance.
>
> Granting the person root access is one thing. Allowing root logins via
> SSH is something different. What Nathan (and security experts around
> the world) is suggesting is to restrict root access via SSH, have the
> remote user log in as a non-privileged user and 'su' to root. Just good
> security practice...

Hi Chris,

Thanks for your advice. I agree with your point.

In most cases the Administrator will do the other way around. Login as 'root' for maintenance. When in need to contact outside he logs in as 'user' via SSH starting email software. This is the point of housekeeping.

Another point of interest to me in re remote access to 'root' via SSH, an Administrator can do administration job from a remote station. If the job requires rebooting the PC under maintenance with a password then can the Administrator overcome this difficulty. This point remains pending unsolved to me.

B.R.
Stephen
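
The practice quoted in the message above (no root login over SSH, log in as an ordinary user and 'su' to root) depends on two settings that can be checked together. The script below is an added example, not part of the thread; the function names are hypothetical, and it assumes FreeBSD's stock policy that only members of the wheel group may su to root.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two settings the advice needs.

# root_login_setting FILE: print the first global PermitRootLogin value in an
# sshd_config, or "unset". sshd uses the first value it obtains for a keyword;
# lines after a Match keyword are conditional, so scanning stops there.
root_login_setting() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)              # keyword ends at blank or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))  # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit
            if (key == "permitrootlogin") { print val; found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# in_wheel USER GROUPFILE: succeed if USER is listed as a member of wheel
# in a group(5)-format file (name:passwd:gid:member,member,...).
in_wheel() {
    awk -F: -v u="$1" '
        $1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) ok = 1
        }
        END { exit !ok }
    ' "$2"
}

# audit CONFIG GROUPFILE USER: print one verdict line. "unset" counts as a
# failure because the built-in default differs between OpenSSH versions and
# vendor builds, so the value should be set explicitly.
audit() {
    v=$(root_login_setting "$1")
    if [ "$v" != "no" ]; then
        echo "FAIL: PermitRootLogin is '$v'"
    elif ! in_wheel "$3" "$2"; then
        echo "FAIL: $3 is not in wheel and cannot su to root"
    else
        echo "OK: root SSH login disabled; $3 can su to root"
    fi
}
```

On a FreeBSD host the call would be `audit /etc/ssh/sshd_config /etc/group <user>`; checking wheel membership before disabling root login avoids locking the administrator out of root on a remote machine.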