port-i386: Re: PermitRootLogin in SSHd (WAS: Re: Telnet logins)

Subject: Re: PermitRootLogin in SSHd (WAS: Re: Telnet logins)
To: Todd Vierling <tv@wasabisystems.com>
From: Andrew Brown <atatat@atatdot.net>
List: port-i386
Date: 08/23/2001 02:00:43

>Personally, I prefer ssh crypto keys for root access.  My machines don't
>even have valid passwords for root anymore; a ssh has to be used, even from
>localhost.  Logging the keys used for becoming root would probably be a
>trivial thing to implement.

ssh logging the keys that were used *in general* would also be a good
thing.  which looks nicer?

	Aug 23 01:58:45 dukey sshd[10009]: log: RSA authentication for \
	andrew accepted.

	Aug 23 01:58:45 dukey sshd[10009]: log: RSA authentication for \
	andrew accepted with key andrew@something.

?  :)

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."