| John Lavin on Mon, 1 Jul 2002 04:50:09 +0200 |
|
christophe barbé said: > Of course I say that ssh is good. I guess everybody is already persuaded > that telnet and rlogin are not safe. I am persuaded at the least... > I don't understand your last sentence. Do you mean that you don't log in > as root without encryption ? I don't log in as root *remotely* as root, that's correct. > You can have use passphrase to encode your private keys and use > ssh_agent to do safe and convenient at the same time. > > My question is : Is there a good reason to avoid log in as root > directly when using a secured channel ? Then I guess an attacker still has to compromise a system with the keys and break one password. Same as if the sshed as a normal user and attempted to crack the remove root password. The best thing would probably be to both not have a root authorized key *and* password protect the private keys, but I don't go that far. I guess its up to you. I can't give you a reason, I just get skittish having a root authorized key available remotely. -john -- John Lavin jlavin@ccil.org Public Key: http://mercury.ccil.org/~jlavin/lavin-public-key.gpg ______________________________________________________________________ "Petty fears and petty pleasures are but a shadow of the reality." - H.D. Thoreau Attachment:
pgpOCByMEzz1g.pgp
|
|