On Thu, 2007-02-08 at 16:55 +0100, Theo Band wrote: > I would advice these changes to the "default" sshd_config settings: > > PermitRootLogin without-password > AuthorizedKeysFile /just_a_dir/authorized_keys/%u > PasswordAuthentication no > UsePAM yes > > This will give you control of access if at least the > /just_a_dir/authorized_keys folder is not writeable for the world (the > keys need to readable, not writeable for the user that tries to log on) Like someone else has mentioned, we do not allow remote root logins of any kind. In fact, we have disabled root from logging in at all (even from the console). We set up sudo for users that may need root privileges. We decided to do this as sudo gives better logging options of anything that happens while root. If there was anytime where we actually need a full root prompt, we could always do sudo -s to get a full root prompt. -- Doug Registered Linux User #285548 (http://counter.li.org) ---------------------------------------- Random Thought: What is comedy? Comedy is the art of making people laugh without making them puke. -- Steve Martin