SSH Security

Leonard Isham leonard.isham at gmail.com
Mon Dec 12 11:37:31 UTC 2005


On 12/10/05, wwp <subscript at free.fr> wrote:
> Hello Scot,
>
>
> On Tue, 06 Dec 2005 21:15:04 -0500 "Scot L. Harris" <webid at cfl.rr.com> wrote:
>
> > On Tue, 2005-12-06 at 20:58, Ben Halicki wrote:
> > > Hi all,
> > >
>
> BTW, is there a way to make ssh allowing root access from a specific
> interface (local for instance) and denying it from other ones (external)?

I have to say this is a bad idea.  Root access directly has no
accountability.  Log in via a normal ID and sudo or, if you really need
to, su.  Now you have accountability.

Second, you are creating complexity, which is the nemesis of security.
Complex solutions are more vulnerable due to the chance for error.
Use depth in defense.  Multiple simple layers of security... firewall,
local iptables, ssh, no root access, sudo, logs....


--
Leonard Isham, CISSP
Ostendo non ostento.
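
An added example, not part of the original post: a small audit of sshd_config text for the "no root access" layer recommended above. It also reports any `Match` block in current OpenSSH that re-enables root login for one address, which is the kind of per-interface exception the question asks about. The function name `audit_root_login` and the sample configuration are assumptions constructed for illustration.

```python
# Added example: flag every place an sshd_config permits direct root login.
SAMPLE_CONFIG = """\
# constructed sample, not from the original post
Port 22
PermitRootLogin no
PasswordAuthentication no

Match LocalAddress 192.168.1.10
    PermitRootLogin yes
"""


def audit_root_login(config_text):
    """Return a list of findings; an empty list means root login is off everywhere."""
    findings = []
    scope = "global"
    global_value = None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd_config allows "Keyword value" or "Keyword=value"
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "match":
            # Everything until the next Match line (or EOF) is conditional
            scope = "Match " + " ".join(args)
            continue
        if keyword != "permitrootlogin" or not args:
            continue
        value = args[0].lower()
        if scope == "global":
            if global_value is not None:
                continue  # sshd keeps the first value it reads for a keyword
            global_value = value
        if value != "no":
            findings.append(f"line {lineno} ({scope}): PermitRootLogin {value}")
    if global_value is None:
        findings.append("global: PermitRootLogin not set, compiled-in default applies")
    return findings


if __name__ == "__main__":
    for finding in audit_root_login(SAMPLE_CONFIG):
        print(finding)
```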




More information about the fedora-list mailing list