Date: Tue, 2 Mar 2004 20:43:45 +0800 From: Stephen Liu <satimis@icare.com.hk> To: "HOLLOW, CHRISTOPHER" <christopher.hollow@cgi.com> Cc: freebsd-questions@freebsd.org Subject: Re: SSH Problem Message-ID: <200403022043.46110.satimis@icare.com.hk> In-Reply-To: <40437268.9020600@cgi.com> References: <200403020152.37627.satimis@icare.com.hk> <200403020809.43752.satimis@icare.com.hk> <40437268.9020600@cgi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 02 March 2004 01:27, HOLLOW, CHRISTOPHER wrote: > > This arrangement is only to facilitate Administor's job. He operates > > outside contact as 'user' from there if necessary he can login as root > > doing maintenance. > > Granting the person root access is one thing. Allowing root logins via > SSH is something different. What Nathan (and security experts around > the world) is suggesting is to restrict root access vis SSH, have the > remote user log in as a non-priveleged user and 'su' to root. Just good > security practice... Hi Chris, Tks for your advice. I agree with your point. In most cases the Adminstrator will do the other way around. Login as 'root' for maintenance. When in need to contact outside he login as 'user' via SSH starting email software. This is the point of house keeping Another point of interest to me in re remote access to 'root' via SSH, an Adminstrator can do adminstration job from a remote station. If the job requires rebooting the PC under maintenance with a password then can the Adminstrator overcome this difficulty. This point remains pending unsolved to me. B.R. Stephen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403022043.46110.satimis>