-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Wayne Stallwood ALUGlist@digimatic.plus.com wrote:
I am actually a little shocked that this isn't the default setting for the ssh server on your distro.
I'm not, fwicr the debian policy and upstream policy changed this default setting a couple of years back, especially if it was ssh2. There are good reasons to leave root being able to login via ssh... in some cases root might be the *only* real account on the box, with any others pulled in via nis, or ldap or from a database etc... if this goes down, how are you going to get in to the machine to repair it? Oh, and often, you might have /home mounted over NFS or similar, and users may not be permitted to login if their home directory "doesn't exist", root can.
<snippity />
Right - and with that, I shall wander off to be a little hungover again :)
Thanks, - -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno@sommitrealweird.co.uk