Root Access
Tony Nelson
tonynelson at georgeanelson.com
Sun Jun 14 18:16:07 UTC 2009
On 09-06-14 09:50:23, Tom Horsley wrote:
>I use the nifty (relatively) new "Match" sshd_config stuff to disable
>root login (and any kind of simple password login for that matter)
>from IP addresses outside my local network, so I can still ssh as root
>easily inside my firewall, but if I'm coming from outside, I need the
>proper long passphrase protected public key and can only login
>as a normal user.
I back up my remote servers using a customized script using rsync, so
they all need and have ssh key access to root (PermitRootLogin without-
password). As long as I have that set up, I figure that I might as
well log in directly as root myself. I do have another layer of
defense, using the iptables "recent" module, along with pam_recent to
allow for repeated successful logins.
I'm open to advice if this is not a good way to do it.
More information about the fedora-list
mailing list