christophe barbé on Mon, 1 Jul 2002 04:30:08 +0200



Re: [PLUG] log as root or not ?


On Mon, Jul 01, 2002 at 02:11:51AM -0000, Greg Sabino Mullane wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> > Then I don't remember the passwords (and would prefer not to have to) 
> > so su from the normal user to root seems inconvenient.
> 
> Good security is seldom convenient.

ssh-agent is not a big security gap and allows you to be secure and
convenient at the same time.

> Allowing access to your root account through any means other than a 
> good password stored in your head is extremely undesirable.

I don't know how many passwords you can keep in your head, but I am very
limited at this. I use different passwords for each account and keep
them in a safe place; I nearly never need them when using authorized ssh
keys. If it was necessary to keep them in my head, they would certainly
be weaker.

> I never even ssh directly as root: my sshd has a very short list of 
> usernames allowed to ssh in, and 'root' ain't one of them. And I stopped 

Yes, I understand that it is said to be insecure to log in as root
directly. My question is why, when using a secure channel?

> using telnet years ago.

Like everybody, I hope.

Christophe

> Greg Sabino Mullane  greg@turnstep.com
> PGP Key: 0x14964AC8 200206302207
> 
> -----BEGIN PGP SIGNATURE-----
> Comment: http://www.gtsm.com
> 
> iD8DBQE9H7odvJuQZxSWSsgRAlEJAKCFl/5yJcHyVnw2/qe5K0AsnEBt3wCfcVjt
> WTNiC/BjTO51wYlodJqMakc=
> =w/l2
> -----END PGP SIGNATURE-----

-- 
Christophe Barbé <christophe.barbe@ufies.org>
GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8  F67A 8F45 2F1E D72C B41E

Cats are intended to teach us that not everything in nature has a
function. --Garrison Keillor
