Another reason to prefer a real root over sudo

Steve Lamb grey at dmiyu.org
Mon Feb 16 08:23:39 UTC 2009


Chris G wrote:
> On the other hand the second password gives extra security.  I have
> outside ssh access to my machine but root ssh access is not allowed.
> Thus if anyone does break in by guessing (or finding by other means)
> my password they still don't get root access because I have sudo
> privileges turned off.

    There are better ways to handle this than having a password on root.

1. Public key only logins on ssh - They can't guess your password until
they've broken into the syste, since ssh refuses to authenticate via passwords.

2. knockd - ssh just doesn't answer until you tell it do

-- 
         Steve C. Lamb         | But who can decide what they dream
       PGP Key: 1FC01004       |      and dream I do
-------------------------------+---------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20090216/973d3fcf/attachment.sig>


More information about the ubuntu-users mailing list