About setting 'PermitRootLogin=no' in sshd_config

Reindl Harald h.reindl at thelounge.net
Fri Nov 21 11:07:54 UTC 2014


Am 21.11.2014 um 12:05 schrieb Reindl Harald:
> Am 21.11.2014 um 11:55 schrieb Roberto Ragusa:
>> On 11/21/2014 09:42 AM, Reindl Harald wrote:
>>
>>> why? because they are servers for specific tasks and *any* non-root
>>> login would be followed by "su - root" anyways and for automated
>>> rsync scripts backing up data only root has access you need it also
>>
>> For rsync-as-root use cases my usual approach is to create another
>> account with userid=0 and login with ssh on this account.
>> It is not root, but it has the same powers (because the numeric uid is
>> the only thing that really matters).
>>
>> Just wanted to share the trick
>
> thanks, but that would alert in lynis checks
>
> "PermitRootLogin without-password" after setup key-authentication should
> be the first action anyways - however i am neutral to any default here
> since on physical machines no problem and most remote machines are setup
> as virtual machine and so "local access"

not entirely neutral

"PermitRootLogin without-password" instead of "PermitRootLogin no" has the
same effect until "authorized_keys" got configured but avoids people
going mad why the key-auth-setup doesn't work :-)

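An added example, not part of the original messages and not lynis's own code: a small Python audit of the two things this thread discusses, the effective global `PermitRootLogin` value and any extra UID 0 account. The sample config and passwd text are constructed, and `Include` files are not followed (an assumption of this sketch).

```python
# Added example: constructed sample inputs, not taken from any real host.
SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin without-password
permitrootlogin yes
Match Address 192.0.2.0/24
    PermitRootLogin no
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backup:x:0:0:rsync account:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
"""

def effective_permit_root_login(config_text):
    """Global PermitRootLogin value, or None if unset (compiled-in default).

    sshd uses the first value given for a keyword, and everything after a
    Match line is conditional, so scanning stops there. Include files are
    not followed (simplifying assumption of this example).
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd_config accepts "Keyword value" and "Keyword=value".
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break
        if keyword == "permitrootlogin" and len(parts) > 1:
            value = parts[1]
            # "without-password" is the older spelling of "prohibit-password".
            return "prohibit-password" if value == "without-password" else value
    return None

def extra_uid0_accounts(passwd_text):
    """Names of passwd entries with UID 0 other than root."""
    names = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 3 and f[2].isdigit() and int(f[2]) == 0 and f[0] != "root":
            names.append(f[0])
    return names

if __name__ == "__main__":
    print("PermitRootLogin:", effective_permit_root_login(SAMPLE_SSHD_CONFIG))
    print("extra UID 0 accounts:", extra_uid0_accounts(SAMPLE_PASSWD))
```

On a real host the same functions can be fed the contents of `/etc/ssh/sshd_config` and `/etc/passwd`.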