Subject: Re: automatic login
To: Wolfgang Rupprecht <wolfgang+gnus20020708T223412@wsrcc.com>
From: Greg A. Woods <woods@weird.com>
List: netbsd-users
Date: 07/09/2002 12:28:43
[ On , July 8, 2002 at 22:43:42 (-0700), Wolfgang Rupprecht wrote: ]
> Subject: Re: automatic login
>
> 
> The part I found uncomfortable was that in each case there was an
> unencrypted set of root credentials lying around for the taking.  If
> someone manages to copy that file, they could come in from the
> internet side as root.

It's safer to use /root/.shosts.  You could also 

The SSH.COM version of sshd2 allows "user@host" form in AllowUsers.  In
combination with DenyUsers you could configure the target machine to
only allow root from certain hosts.

Hmmmm....  the SSH.COM version also has AllowSHosts:

       AllowSHosts
              This keyword can be followed by any number of  host
              name  patterns,  separated  by  commas, just as the
              option  AllowHosts.   The   entries   in   .shosts,
              .rhosts, /etc/hosts.equiv and /etc/shosts.equiv are
              ignored if they do not match one  of  the  patterns
              given here (if there are any).

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
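
The filtering that the quoted AllowSHosts manual text describes can be checked against an existing .shosts file with the short audit script below. It is an added example, not part of the original message and not SSH.COM code. It assumes shell-style wildcards for the host name patterns (the pattern syntax your sshd2 version really uses should be checked in its manual), and the host names in the sample are constructed.

```python
from fnmatch import fnmatchcase


def parse_patterns(value):
    """Split an AllowSHosts value into its comma-separated patterns."""
    return [p.strip().lower() for p in value.split(",") if p.strip()]


def parse_shosts(text):
    """Yield (host, user) pairs from .shosts/.rhosts-style text.

    Assumption: one "host [user]" entry per line, '#' starts a comment.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield fields[0].lower(), (fields[1] if len(fields) > 1 else None)


def audit(allow_shosts, shosts_text):
    """Return (honoured, ignored) entries under the given AllowSHosts value."""
    patterns = parse_patterns(allow_shosts)
    honoured, ignored = [], []
    for host, user in parse_shosts(shosts_text):
        # "(if there are any)": with no patterns, nothing is filtered out.
        ok = not patterns or any(fnmatchcase(host, p) for p in patterns)
        (honoured if ok else ignored).append((host, user))
    return honoured, ignored


# Constructed sample standing in for /root/.shosts on the target machine.
SAMPLE = """\
# hosts allowed to log in as root without a password
backup.example.org root
admin1.example.org
laptop.dialup.example.net root
"""

if __name__ == "__main__":
    kept, dropped = audit("*.example.org", SAMPLE)
    for host, user in kept:
        print("honoured:", host, user or "(same user)")
    for host, user in dropped:
        print("ignored: ", host, user or "(same user)")
```

Any entry reported as ignored is one that a copied or edited .shosts file could not use to get in as root while that AllowSHosts value is in place.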