Re: [SLUG] SuSE - "connection to ":0.0" refused by server"

From: Matt Miller (Matthew.Miller@wellcare.com)
Date: Thu Oct 02 2003 - 15:35:58 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 02 October 2003 03:11 pm, you wrote:
> Ugh, then you have to allow root ssh login. Even if you're only allowing
> from localhost...

Really, I am into security and all, but what are the risks of allowing root
ssh login to your localhost? - especially on a desktop machine.

Simply enable PubkeyAuthentication only (disable PasswordAuthentication),
setup rsa/dsa keys for root (protect with a passphrase), and add the pubkey
to authorized_keys. Without the private key, no one can remotely ssh as root
to your box.

> Personally, I use sudo instead of su, and sudo takes care of it
> automagically. "But sudo will only run one command," you say? `sudo
> tcsh`.

I use sudo extensively myself as well. It is cleaner and easier. Didn't even
cross my mind when I posted the response...

- --
Matt Miller
Senior Sun Engineer
WellCare

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/fH4jIomZUAi8ewYRAunKAJ9H3BbzmV55Bt/u0lzfTEl0oT7LowCfWw7x
wB3P01nTy0VdyIwrrc/bgwg=
=zBQA
-----END PGP SIGNATURE-----

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:46:35 EDT