Another reason to prefer a real root over sudo
Steve Lamb
grey at dmiyu.org
Mon Feb 16 08:23:39 UTC 2009
Chris G wrote:
> On the other hand the second password gives extra security. I have
> outside ssh access to my machine but root ssh access is not allowed.
> Thus if anyone does break in by guessing (or finding by other means)
> my password they still don't get root access because I have sudo
> privileges turned off.
There are better ways to handle this than having a password on root.
1. Public key only logins on ssh - They can't guess your password until
they've broken into the syste, since ssh refuses to authenticate via passwords.
2. knockd - ssh just doesn't answer until you tell it do
--
Steve C. Lamb | But who can decide what they dream
PGP Key: 1FC01004 | and dream I do
-------------------------------+---------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20090216/973d3fcf/attachment.sig>
More information about the ubuntu-users
mailing list