Date: Mon, 01 Mar 2004 12:27:04 -0500 From: "HOLLOW, CHRISTOPHER" <christopher.hollow@cgi.com> To: "Stephen Liu" <satimis@icare.com.hk> Cc: freebsd-questions@freebsd.org Subject: Re: SSH Problem Message-ID: <40437268.9020600@cgi.com> In-Reply-To: <200403020809.43752.satimis@icare.com.hk> References: <200403020152.37627.satimis@icare.com.hk> <20040301143307.GC11958@nkinkade.bmp.ub> <200403020809.43752.satimis@icare.com.hk>
next in thread | previous in thread | raw e-mail | index | archive | help
> This arrangement is only to facilitate Administor's job. He operates outside > contact as 'user' from there if necessary he can login as root doing > maintenance. Granting the person root access is one thing. Allowing root logins via SSH is something different. What Nathan (and security experts around the world) is suggesting is to restrict root access vis SSH, have the remote user log in as a non-priveleged user and 'su' to root. Just good security practice... Chris Stephen Liu wrote: >- snip - > > >>You say that this works as root, but your example seems to indicate >>otherwise. By default, root logins via ssh is disabled in the sshd >>config file, usually at /etc/ssh/sshd_config. If for some reason you >>want to allow root logins via ssh then uncomment the following line and >>change "no" to "yes" - then restart sshd: >> >>PermitRootLogin yes >> >>However, I think this would generally be frowned upon from a security >>standpoint. >> >> > >Hi Nathan, > >Tks for your advice which works. > >This arrangement is only to facilitate Administor's job. He operates outside >contact as 'user' from there if necessary he can login as root doing >maintenance. > >B.R. >Stephen > >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > > -- Christopher Hollow - Consultant Infrastructure & Technology Support Toronto, ON
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40437268.9020600>