Root Access

[Tony Nelson]

On 09-06-14 09:50:23, Tom Horsley wrote:

>I use the nifty (relatively) new "Match" sshd_config stuff to disable
>root login (and any kind of simple password login for that matter)
>from IP addresses outside my local network, so I can still ssh as root
>easily inside my firewall, but if I'm coming from outside, I need the
>proper long passphrase protected public key and can only login
>as a normal user.

I back up my remote servers using a customized script using rsync, so 
they all need and have ssh key access to root (PermitRootLogin without-
password).  As long as I have that set up, I figure that I might as 
well log in directly as root myself.  I do have another layer of 
defense, using the iptables "recent" module, along with pam_recent to 
allow for repeated successful logins.

I'm open to advice if this is not a good way to do it.