Date: Mon, 01 Mar 2004 10:41:58 -0600 From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz> To: Stephen Liu <satimis@icare.com.hk> Cc: freebsd-questions@freebsd.org Subject: Re: SSH Problem Message-ID: <404367D6.6030801@daleco.biz> In-Reply-To: <200403020809.43752.satimis@icare.com.hk> References: <200403020152.37627.satimis@icare.com.hk> <20040301143307.GC11958@nkinkade.bmp.ub> <200403020809.43752.satimis@icare.com.hk>
next in thread | previous in thread | raw e-mail | index | archive | help
Stephen Liu wrote: >- snip - > > >>You say that this works as root, but your example seems to indicate >>otherwise. By default, root logins via ssh is disabled in the sshd >>config file, usually at /etc/ssh/sshd_config. If for some reason you >>want to allow root logins via ssh then uncomment the following line and >>change "no" to "yes" - then restart sshd: >> >>PermitRootLogin yes >> >>However, I think this would generally be frowned upon from a security >>standpoint. >> >> > >Hi Nathan, > >Tks for your advice which works. > >This arrangement is only to facilitate Administor's job. He operates outside >contact as 'user' from there if necessary he can login as root doing >maintenance. > >B.R. >Stephen > > > No, no, no...!! :-) He should be a member of the "wheel" group. He should then ssh in as "user", and use su(1) to "become" root. Better even still, install sudo (/usr/ports/security/sudo) and let him use that: then you can see what your Administrator has been up to, if necessary.... HTH, Kevin Kinsey DaleCo, S.P.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?404367D6.6030801>