Mailing List Archive



Re: [tlug] bootable linux with sshd



On Tue, 2 Jan 2007, Fergal Daly wrote:

BTW, it stops password logins but allows root logins. I don't really
see the point of not allowing root logins, I'd only go and create
another user with sudo permission - it'd require knowing a second
secret to be able to get root....

That's the whole point. It's especially good if you disallow password logins, since then you've got to get hold of two different sorts of secrets (a password and a key file, which also usually has a passphrase on it), only one of which is subject to guessing. (Nobody's going to guess an ssh private key.) In fact, it adds even a third level of difficulty in that the attacker not only has to have a password and an ssh private key, but also has to know the name of the account that can sudo.

cjs
--
Curt Sampson       <cjs@example.com>        +81 90 7737 2974
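
The setup discussed in this thread (password logins off, root reachable only through a separate sudo-capable account) can be checked against an sshd_config. The following is an added example, not part of the original messages; the function names, finding labels and sample configs are constructed for illustration, and the defaults are assumed to be those of current OpenSSH.

```python
import re

# Assumed defaults (current OpenSSH; older releases defaulted PermitRootLogin to "yes").
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def global_settings(config_text):
    """Parse the global part of an sshd_config. Keywords are case-insensitive
    and sshd keeps the FIRST value it reads for each keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks follow; they are not global settings
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # first value wins
    return settings

def audit(config_text):
    """Return findings for the two settings discussed in the thread."""
    s = {**DEFAULTS, **global_settings(config_text)}
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("password-login")       # a guessable secret gets a shell
    if s["permitrootlogin"] == "yes":
        findings.append("root-login")           # root reachable directly
    elif s["permitrootlogin"] in ("prohibit-password", "without-password"):
        findings.append("root-login-key-only")  # one key file is enough for root
    return findings

# Constructed sample: password logins stopped, root logins still allowed.
ROOT_BY_KEY = "PasswordAuthentication no\nPermitRootLogin yes\n"

# Constructed sample: root only via another account; the trailing "yes" is
# ignored by sshd because the earlier "no" was read first.
SUDO_ACCOUNT_ONLY = (
    "PermitRootLogin no\n"
    "PasswordAuthentication no\n"
    "permitrootlogin yes\n"
)

if __name__ == "__main__":
    for name, text in (("root by key", ROOT_BY_KEY),
                       ("sudo account only", SUDO_ACCOUNT_ONLY)):
        print(name, "->", audit(text) or "no findings")
```

Keyboard-interactive authentication and `Match` blocks are not evaluated here, so a clean result covers only the two global keywords checked.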

