From owner-freebsd-security Thu Jan 20 2:39:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from nsm.htp.org (nsm.htp.org [202.241.243.104]) by hub.freebsd.org (Postfix) with SMTP id 3D737153E8 for ; Thu, 20 Jan 2000 02:39:18 -0800 (PST) (envelope-from sen_ml@eccosys.com) Received: (qmail 14693 invoked from network); 20 Jan 2000 10:38:03 -0000 Received: from localhost (127.0.0.1) by localhost with SMTP; 20 Jan 2000 10:38:03 -0000 To: freebsd-security@FreeBSD.ORG Subject: Re: ssh. From: sen_ml@eccosys.com In-Reply-To: <20000120093017.18539.qmail@hotmail.com> References: <20000120093017.18539.qmail@hotmail.com> X-Mailer: Mew version 1.94.1 on Emacs 20.5 / Mule 4.0 (HANANOEN) X-No-Archive: Yes Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20000120193954V.1000@eccosys.com> Date: Thu, 20 Jan 2000 19:39:54 +0900 X-Dispatcher: imput version 990905(IM130) Lines: 19 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org jslat> For what need, would one have to even remotely Logon to the jslat> root account, my advice to to not even have a ~/root/.ssh to jslat> begin with. to me it's about as silly as ~/root/.rhosts. i won't be surprised if others mention that it is not always practical to do what you suggest. i beg to differ on the point that it is about as silly as ~/root/.rhosts -- .rhosts is far worse in my opinion. to elaborate just a bit, there are situations in which people might not have physical access (at least not frequently, and sometims even close to never) to the machiness which they administer. root access by ssh (in certain configurations) can provide a practical approach (compared to the alternatives) depending on one's situation. i know some setups where people establish an out-of-band connection (say, via serial lines) to each machine they administer from a single machine which is not connected to the network. however, even this is not always possible or practical -- distance, time, budget, etc. constraints. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message