From: "HOLLOW, CHRISTOPHER"
Date: Mon, 01 Mar 2004 12:27:04 -0500
To: "Stephen Liu"
Cc: Nathan Kinkade, freebsd-questions@freebsd.org
Subject: Re: SSH Problem

> This arrangement is only to facilitate Administrator's job. He operates outside
> contact as 'user' from there if necessary he can login as root doing
> maintenance.

Granting the person root access is one thing. Allowing root logins via SSH is something different. What Nathan (and security experts around the world) is suggesting is to restrict root access via SSH, have the remote user log in as a non-privileged user and 'su' to root.

Just good security practice...

Chris

Stephen Liu wrote:

>- snip -
>
>>You say that this works as root, but your example seems to indicate
>>otherwise. By default, root logins via ssh are disabled in the sshd
>>config file, usually at /etc/ssh/sshd_config. If for some reason you
>>want to allow root logins via ssh then uncomment the following line and
>>change "no" to "yes" - then restart sshd:
>>
>>PermitRootLogin yes
>>
>>However, I think this would generally be frowned upon from a security
>>standpoint.
>
>Hi Nathan,
>
>Tks for your advice which works.
>
>This arrangement is only to facilitate Administrator's job. He operates outside
>contact as 'user' from there if necessary he can login as root doing
>maintenance.
>
>B.R.
>Stephen

--
Christopher Hollow - Consultant
Infrastructure & Technology Support
Toronto, ON
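An added example, not part of the original thread: a small audit of the `PermitRootLogin` setting discussed above, reporting where an `sshd_config` still lets root log in over SSH. The function names and the sample config are constructed for illustration, and the `default="no"` fallback is an assumption taken from the thread's statement that root logins are disabled by default.

```python
import re

# Constructed sample config (not from the original thread).
SAMPLE = """\
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
"""

def parse_line(line):
    """Return (lowercased keyword, argument), or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Keyword and argument are separated by whitespace or a single '='.
    parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
    return parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")

def audit_root_login(config_text, default="no"):
    """Return (global value, [(match criteria, value), ...]).

    sshd keeps the first value it obtains for a keyword, so later
    duplicates are ignored. Lines after a Match keyword apply only when
    its criteria are met, so they are reported separately.
    """
    global_value, overrides, current_match = None, [], None
    for raw in config_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        keyword, arg = parsed
        if keyword == "match":
            current_match = arg
        elif keyword == "permitrootlogin":
            value = arg.split()[0] if arg else ""
            if current_match is None:
                if global_value is None:
                    global_value = value
            elif all(m != current_match for m, _ in overrides):
                overrides.append((current_match, value))
    return (default if global_value is None else global_value), overrides

def root_login_findings(config_text, default="no"):
    """List every place where root may still log in over SSH."""
    value, overrides = audit_root_login(config_text, default)
    findings = [] if value == "no" else [f"global PermitRootLogin is '{value}'"]
    findings += [f"Match {m}: PermitRootLogin '{v}'" for m, v in overrides if v != "no"]
    return findings
```

On the sample, the commented-out line is ignored, the first active `PermitRootLogin yes` wins over the later `no`, and the `Match` block is flagged as a second path for root logins.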