Subject: Re: Can't SSH into 1.6 as root
To: None <>
From: gabriel rosenkoetter <>
List: port-macppc
Date: 10/07/2002 13:53:56
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Sep 30, 2002 at 08:51:50PM -0700, Dan wrote:
> but it is NOT recommended. The reason this has been changed is because th=
> is no reason you shouldn't be logging in as a regular user who's in the
> wheel group and then su'ing to root when needed.
Sure there is. If I su, then I pass a shared secret across the wire,
even if it is enciphered. If I use PKI authentication, then no
shared secret ever crosses the wire. (Note that I keep the keys
which allow me access as root to a variety of systems on a floppy
and on my person at all times.)
That said, I aprove of default to PermitRootLogin no over yes for
the general case. I'll just always be changing it to without-password,
and you'll have a pretty hard time convincing me I'm doing the
wrong thing. :^>
gabriel rosenkoetter
Content-Type: application/pgp-signature
Content-Disposition: inline
Version: GnuPG v1.0.7 (NetBSD)