remote admin

Josh Grosse josh at jggimi.homeip.net
Sun Jun 24 19:34:55 PDT 2007


On Thu, Jun 07, 2007 at 02:50:00AM -0400, x x wrote:
> What is the most secure way for remote login on to someone's computer 
> as root for doing admin work on the system?

See these man pages:

ssh(1)
sshd(8)
ssh_config(5)
sshd_config(5)
login.conf(5)

Regarding root login:

In general, it is recommended that one NOT log in as root. Instead, the admin
should use either su(1) or sudo(8).  The default install permits root login 
for ease of installation and setup.  The sshd_config(5) man page will show 
you how to disable root login.  

Regarding authentication:

By default, sshd will allow password authentication, again for ease of
installation and setup.  OpenBSD has many different authentication schema; 
password authentication is usually one of the weakest.  See the AUTHENTICATION
section of login.conf(5) for a complete list.

---- 

My sshd server does not permit root login, nor does it permit password
authentication.  It allows either public key authentication or S/Key one-time-
use passphrases.  My /etc/ssh/sshd_config file has these custom settings 
related to authentication/login:

	PermitRootLogin no
	PasswordAuthentication no
	KbdInteractiveAuthentication yes

Good luck.  If you can set your mail client to output plain text rather than
HTML, it would help make your next messages easier to read.
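
[Added example, not part of the original message.]  One way to check that an
sshd_config file explicitly carries the three settings quoted above.  The
function names sshd_value and audit_sshd are hypothetical, the sample config is
constructed, and only the whitespace-separated "Keyword value" form is parsed.

```shell
#!/bin/sh
# Audit an sshd_config file against the three settings quoted in the post.
# sshd uses the first value it reads for each keyword and keywords are
# case-insensitive, so a later "PermitRootLogin no" does not override an
# earlier "permitrootlogin yes".  Lines from the first Match block onward
# are conditional and are ignored here (simplification).

# sshd_value FILE KEYWORD -> first global value, lowercased; empty if unset
sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }     # skip comment and blank lines
        tolower($1) == "match" { exit }    # stop at the first Match block
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE -> status 0 only if all three keywords are set as in the post.
# An unset keyword is reported rather than assumed, because the default that
# then applies depends on the sshd release; see sshd_config(5).
audit_sshd() {
    rc=0
    for pair in permitrootlogin:no passwordauthentication:no \
                kbdinteractiveauthentication:yes; do
        key=${pair%%:*}
        want=${pair#*:}
        got=$(sshd_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', got '${got:-unset}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the last line looks safe but is shadowed by the first.
demo=$(mktemp) && cat > "$demo" <<'EOF'
permitrootlogin yes
PasswordAuthentication no
KbdInteractiveAuthentication yes
PermitRootLogin no
EOF
audit_sshd "$demo" || echo "config does not match the post's settings"
rm -f "$demo"
```

On a live system, sshd -T (run as root) prints the effective configuration,
including defaults, and is the authoritative check.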

