Mark Goldstein wrote:
On Fri, Apr 17, 2009 at 10:17 PM, Linda Walsh <suse@tlinx.org> wrote:
Seems odd that having it commented out would mean it's the current default in 11.0+10.3, but not in 11.1, but the sshd_config, I'd think, would only be used in logging in to a server.
It is also commented out on my 11.0. Probably it is done by hardening scripts. It is considered better security practice, not to allow root remote logging. One is supposed to log in as normal user and then use sudo / su to do root stuff.
I don't think it's done by hardening scripts. The "allow root" would disallow logging via password (as well, _I think_ by a shared RSA or DSA key). Ideally, you only log in from machines on your network that use your key and disallow keyboard-interactive password login. But in the instance of wanting to access your system from some outside 'public' system, people have trusted passwords, which unfortunately, might be electronically sniffed, presuming not outright monitored by those providing the "public terminal", thus, the desirability of some type of one-time password generation system. Meanwhile, I'm still a bit bewildered why public-key login is not working, but only for root (leaving only interactive pw) on the new system. Was hoping someone else might 'just know' if (by running into and solving the same prob) due to some 11.1 specific change. Probably change in 11.1 was the culprit. Meanwhile, back to searching...(my Friday evenings and weekends are filled with great fun! :-)) -linda -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org