On Sunday 29 October 2006 00:50, 张韡武 wrote:
Does it make sense to turn of root ssh login and to turn off password login at the same time? This is the current situation but I want to am I lowering down security level by enabling root login but keep password login disabled?
Try not to get all uptight about ssh-key login as opposed to password. SSH login, whether it be by password or ssh-key (public key) is about as safe as is practical. Some people worry about password login mostly because of hysteria over key-stroke-timing (which can be easily overcome by humming a tune while you type passwords). Passwords need only be stored in you head. ssh-keys have to be written on a disk somewhere, which means the target machine is only as secure as the access machine, which in most cases means not at all. -- _____________________________________ John Andersen