At 994443564s since epoch (07/06/01 06:19:24 -0400 UTC), Juha Jäykkä wrote:
> I distrust allowing root logins from anywhere but local console(s)
> or non-modem gettys i.e. from anywhere over the not-owned-by-me cable.
> Any other ideas? Or is it really safe to allow root logins to sshd?
> It is just an old rule of thumb that root must never log on over the
> wire but that may be old news from times of telnet - never had any
> need of root logins over the wire until perhaps now.

I agree with others here: use sudo. Even on my own box I use sudo, rather than using my root password.

I worked at a company where all the employees had their own linux box. We gave them sudo on their own machines, but only the IT staff had root on the boxes. This way, the staff could do updates (they set up an "admin" account with sudo), and the users could fudge their own configs, but nobody needed actual 'root' to do anything.

I do not recommend the UID=0 trick. Too many ways to make typos and hose your passwd file. Also, sudo leaves a nice audit trail, and has many more features that you may find handy in the future (such as the ability to restrict commands run as root, times of day, types of passwords accepted to run root commands, etc).

Finally, if you're doing a lot of work and don't want to have to keep typing "sudo" in front of everything, try:

    sudo -s

to get a root shell.

Jason

--
Jason Healy | [EMAIL PROTECTED]
LogN Systems | http://www.logn.net/
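
A sudoers fragment sketching the setup the reply describes (an update-only "admin" account, full sudo for a machine's owner, and an audit log), added here as an example and not part of the original message. The file name, the account, user and host names, and the command list are assumptions.

```sudoers
# /etc/sudoers.d/workstation   (hypothetical file name; edit with: visudo -f <file>)
# Constructed example: "admin", "alice", "alicebox" and the command list
# below are assumptions, not taken from the original post.
#
# Companion setting on the sshd side, so nobody logs in as root over the wire:
#   /etc/ssh/sshd_config:  PermitRootLogin no

# Audit trail: record every sudo invocation in a dedicated log file
# (sudo also logs to syslog by default).
Defaults logfile="/var/log/sudo.log"

# Ask for the user's password again after 5 minutes without a sudo call.
Defaults timestamp_timeout=5

# Start commands with a clean environment and a fixed PATH, so a
# user-controlled PATH cannot swap in a different binary for a root command.
Defaults env_reset
Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"

# Shared "admin" account: package maintenance only.
# A command list only restricts as far as the listed programs cannot
# themselves start a shell or an editor, so keep it short and review it.
Cmnd_Alias UPDATES = /usr/bin/apt-get update, \
                     /usr/bin/apt-get upgrade, \
                     /usr/bin/apt-get dist-upgrade
admin   ALL = (root) UPDATES

# Owner of a workstation: any command as root, but only on their own host.
# This is the rule that makes "sudo -s" work for alice on alicebox.
alice   alicebox = (root) ALL
```

Running `visudo -cf` on the file checks its syntax before it takes effect, and `sudo -l -U alice` shows the rules that apply to one user.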