On 2005-02-03 22:54, Ted Mittelstaedt <[EMAIL PROTECTED]> wrote: >Giorgos Keramidas wrote: >>On 2005-02-04 01:04, Gert Cuykens <[EMAIL PROTECTED]> wrote: >>> On Fri, 04 Feb 2005 00:05:34 +0000, Chris Hodgins >>> <[EMAIL PROTECTED]> wrote: >>> True but the point is without the ssh root enabled there is >>> nothing you can do about it to stop them if they change your user >>> password >> >> [...] >> You may also want to consider than having SSH enabled for root >> means there is only ONE step at becoming root from any remote >> location. >> >> Having to SSH as a user first, with the right combination of SSH >> keys and passwords, and then use su(1) with yet another password is >> at least one more step. >> >> Why is the first, 1-step procedure safer than the second? > > I think I'm going to interject a few things here to this discussion, > which has turned into a rediculous religious argument. > > In answer to your question about a 1-step procedure safer than the > second, well as a matter of fact there are circumstances when it is. > For example: > > [snip great advice about securing ssh access]
I was (perhaps not so) obviously referring to "all other things being equal, allowing ssh access to a plain user is safer than allowing direct ssh access to root. All great points, though. Thanks Ted. - Giorgos _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
