On Wed, 2006-06-14 at 20:22 +0200, M. Fioretti wrote:
On Wed, Jun 14, 2006 12:38:51 PM -0500, Les Mikesell (lesmikesell@gmail.com) wrote:
On Wed, 2006-06-14 at 18:56 +0200, M. Fioretti wrote:
I've read on several howtos that one way to make ssh more secure, or at least reduce the damage if somebody breaks in, is to NOT allow direct ssh login from root, but allow logins from another user. So you have to know two passwords in order to do any real damage.
I'm new to all this, so I hope it's useful. This WFM (Works For Me) in my little LAN.
Better is no passwords? I ssh around my little niche using only the files '*known_hosts' in ~/.ssh and /etc/ssh and the public keys. If you have a restricted set of nodes from which you access the server, this seems an ideal solution for the "authorized access" part of your task. On my IPCop gateway, I don't allow password-based authentication and login.
[...]
Normally you would want people to use their own account for the initial login - <snip>
If passwordless login works for you, then maybe a restricted shell or chroot, once you are in, to further restrict? IIRC from recent readings of many docs *trying* to learn some of this stuff, that stuff doesn't have to be root either. So if they can be set as some other user and group, you don't have to worry about what root can do.
HTH
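
The three measures discussed in this thread (no direct root login, no password authentication, and a chroot or other confinement after login) can be checked mechanically in an `sshd_config`. The following is an added example, not code from any poster in the thread; the sample configurations and the group name `sftponly` are constructed, and treating `ForceCommand` as a confinement setting is an assumption of this sketch. A restricted login shell is set in the account database rather than in `sshd_config`, so it is not checked here.

```python
# Constructed sample configs (not from the thread).
WEAK = """\
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
Match Group sftponly
    ChrootDirectory /srv/chroot/%u
    ForceCommand internal-sftp
"""

def parse(text):
    """Split sshd_config text into global options and Match blocks."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()  # keywords are case-insensitive
        if key == "match":
            current = {"criteria": value, "opts": {}}
            blocks.append(current)
            continue
        target = global_opts if current is None else current["opts"]
        target.setdefault(key, value)  # sshd uses the first value it reads
    return global_opts, blocks

def audit(text):
    """Return finding labels for the three points raised in the thread."""
    opts, blocks = parse(text)
    findings = []
    if opts.get("permitrootlogin", "").lower() != "no":
        findings.append("root-login-not-disabled")
    if opts.get("passwordauthentication", "").lower() != "no":
        findings.append("password-auth-not-disabled")
    for b in blocks:  # a Match block can quietly turn passwords back on
        if b["opts"].get("passwordauthentication", "no").lower() != "no":
            findings.append("password-auth-reenabled: Match " + b["criteria"])
    scopes = [opts] + [b["opts"] for b in blocks]
    if not any("chrootdirectory" in s or "forcecommand" in s for s in scopes):
        findings.append("no-chroot-or-forced-command")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

An unset keyword is reported as a finding because the compiled-in default then decides the behaviour, and that default differs between OpenSSH versions.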