On Fri, Oct 22, 2010 at 1:01 PM, Jay K <jay.kr...@cornell.edu> wrote: >> You can get almost the same thing by setting "PasswordAuthentication" to > "no" >> in your sshd_config file, and hand out empty or ridiculously simple > passwords >> for the console (honestly, who would forget "yermomsawhore" as a > password?). > > > How do I limit their use to the console? > > If say I ssh in as non-root and then login root?
You can chroot those logins and why they need root? You don't need to allow use of su for them, they don't need to be in wheel group and you can set in sudo only 'must need' apps for them. > > ssh surely isn't the sole gatekeeper for login? > > B (Granted, I am NOT running ftpd or telnetd; though > > B at some point I'd like smbd/nfsd, hopefully > > B both secure and convenient, hopefully using ssh somehow...). > > > > Thanks, > > B - Jay
