New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Thanks for sharing the same... my comment was more on a sarcastic note than serious one... ๐
That works. As I said, there is no perfect answer and I will not argue with those who follow different practices. If it works for you and your your security configuration is satisfactory, who can argue with that?
I do not allow root login over SSH. If I want root, I must login using the unprivileged and essentially unused remote SSH account. I can "su" to the admin account from it, and "sudo" from the admin account if I want superuser (root) privileges. Yes, two additional steps after login, but it has kept my systems safe for a long time.
I edit the default SSH configuration file with the following changes:
I use "visudo" to modify the sudoers list. The admin account is the only account that I enable for sudo. I give it full privileges "adminaccount ALL=(ALL) ALL", but others may be more restrictive. You are not required to use "visudo", but it is recommended for editing the sudoers list. For those who do not like "vi", I noticed that the latest distros open visudo in nano instead of vi. There are other ways that people configure sudo access such as using group privileges.