On Thu, Jan 27, 2011 at 6:40 AM, Stephen Harris <lists at spuddy.org> wrote:
> On Thu, Jan 27, 2011 at 02:39:29AM -0500, Nico Kadel-Garcia wrote:
>> Wrong again. Never use public key access for root accounts, it simply
>> compounds the security risks. Passphrase protected SSH keys can be
>
> That is 100% backwards. *NEVER* use password authentication for root
> (passwords are easier to brute force 'cos people choose bad passwords).
> Use ssh public key access for root, with appropriate restrictions
> (eg "from=").

Nope. Ideally, use *neither* for root. Allow root access only from the
local console or a local shell with "su", or "sudo" if you want to share
access. That provides much superior tracking of the root access and whose
account was used for the inappropriate access.

Remote root access in SSH should be avoided altogether, but if necessary,
the SSH keys can be a big issue because of people who give exactly the
advice we just saw. "Generate an unprotected key and publish it to the
root account!" is, unfortunately, far too common, and we just saw someone
suggest *exactly* that.

Root does not, generally, need password-free access. If it does, SSH keys
can provide some restrictions on it, as can sudo for other accounts to
allow them only specific root activities. But root access without making
you actually put in a password and think about what you're doing is
*begging* for pain. In fact, the likely pain is only partially from stolen
keys. It's also from people doing things as root without thinking about
them, and making mistakes.
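
Added example, not part of the original message or of OpenSSH: a small audit of an authorized_keys file, such as root's, that reports entries carrying no options at all or no "from=" restriction of the kind mentioned in the thread. The sample entries, key material and the /usr/local/bin/rsync-only path are constructed placeholders.

```python
import re

# Key type names that can start an entry with no options field.
KEY_TYPE = re.compile(r"(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)"
                      r"|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$")

def split_options(line):
    """Return (options dict, remainder) for one authorized_keys entry."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}, line
    # The options field ends at the first whitespace outside double quotes.
    in_quotes, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quotes and line[i + 1:i + 2] == '"':
            i += 1                      # skip an escaped quote
        elif c == '"':
            in_quotes = not in_quotes
        elif c.isspace() and not in_quotes:
            break
        i += 1
    opts = {}
    # Options are comma separated; commas inside quotes belong to the value.
    for item in re.findall(r'(?:[^,"]|"(?:\\.|[^"\\])*")+', line[:i]):
        name, _, value = item.partition("=")
        opts[name.lower()] = value.strip('"')
    return opts, line[i:].strip()

def audit(text):
    """List (line number, key comment, finding) for entries lacking from=."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        parts = rest.split(None, 2)
        comment = parts[2] if len(parts) == 3 else "(no comment)"
        if not opts:
            findings.append((n, comment, "no options at all"))
        elif "from" not in opts:
            findings.append((n, comment, "no from= restriction"))
    return findings

SAMPLE = """\
# constructed sample entries; key material is placeholder text
ssh-ed25519 AAAAEXAMPLE1 admin@laptop
from="192.0.2.10,192.0.2.11" ssh-ed25519 AAAAEXAMPLE2 backup@bastion
command="/usr/local/bin/rsync-only",no-pty ssh-rsa AAAAEXAMPLE3 mirror job
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Whether the matching private key is passphrase protected cannot be determined from the server-side file; this check only covers the restrictions attached to each public key.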