Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- From: Bond Masuda <bond.masuda@xxxxxxxxxx>
- Date: Fri, 06 Jun 2008 03:17:58 -0700
Hari Sekhon wrote:
I am a little surprised people have not been talking about ssh-key-only logins (but then I didn't bother mentioning it until now either... ;-) )
In my experience, using public key authentication is often more of a security risk, depending on the situation. If the remote machine that holds the private key (and some store this with no password for convenience) is compromised, they immediately have an open door into your server. You may have no control how passwords are enforced, updates are applied, or if any security is implemented on the remote end. Setting up public key authentication, in effect extends your "trust domain" to a server that may not be so trust worthy. To me, it makes more sense to rely on security I can control. (which is often not the case if it is some other user's office desktop or workstation)
-Bond
- Follow-Ups:
- Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- From: Joseph Spenner
- Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- References:
- Allowing remote root login seems to be bad. Why?
- From: Ron Arts
- Re: Allowing remote root login seems to be bad. Why?
- From: Mario Platt
- RE: Allowing remote root login seems to be bad. Why?
- From: Glenn Pitcher
- Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- From: Ron Arts
- Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- From: Hari Sekhon
- Allowing remote root login seems to be bad. Why?
- Prev by Date: Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- Next by Date: passwordless ssh between machines
- Previous by thread: Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- Next by thread: Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
- Index(es):
Relevant Pages
|
