On Tue, Dec 9, 2014 at 6:50 AM, Tim Chase <python.l...@tim.thechases.com> wrote: > Just for the record, you can enable root logins but disallow password > logins, so root has to be done with a public/private key-pair. > > That said, I do as you describe and still SSH to my ssh-user account, > then "su" to root as needed from there. But at least there's a > middle ground that isn't as vulnerable as putting a root account out > there to be banged on by any script-o-matic bot that finds it.
I've done both of these. Most of my boxes don't have passwords on the root account AND don't allow SSH to root, relying on a sudo-enabled account usually; and it's perfectly possible to also deny password access to *any* account via SSH. Quite good for security... though it can create an awkward bootstrap problem if you lose all private keys that had access. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
