Re: Different root passwords

linux-admin.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Thornton Prime <theoszi@gmail.com>
To: "Mário Gamito" <gamito@netual.pt>
Cc: linux-admin@vger.kernel.org
Subject: Re: Different root passwords
Date: Thu, 9 Dec 2004 12:46:38 -0800	[thread overview]
Message-ID: <2d7eccf504120912466bee20c4@mail.gmail.com> (raw)
In-Reply-To: <41B8B632.5060608@netual.pt>

On Thu, 09 Dec 2004 20:31:46 +0000, Mário Gamito <gamito@netual.pt> wrote:
> Is it possible to have in Linux different root passwords, for the same
> machine: one for accessing it inside the intranet and another for
> accessing through the internet ?
> 
> I know FreeBSD does this.

Can you send a link to documentation on this feature in FreeBSD? I'm
having difficulty understanding the purpose of it, though I'm sure it
can be accomplished.

In general, allowing access to remote root logins by password alone is
not something I'd recommend. If you want to restrict access by
interface, a much more secure mechanism is to use SSH keys and
restrict access by interface by SSH keys. The different keys can have
different passphrases, which sounds like it would do what you want.

There are other ways of restricting access by interface, though it is
difficult to know which will work for you without understanding the
mechanism of the FreeBSD feature you wish to emulate.

thornton
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2004-12-09 20:46 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-12-09 20:31 Different root passwords Mário Gamito
2004-12-09 20:46 ` Thornton Prime [this message]
2004-12-09 21:37   ` Mário Gamito
2004-12-09 20:57 ` Jim C. Brown

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2d7eccf504120912466bee20c4@mail.gmail.com \
    --to=theoszi@gmail.com \
    --cc=gamito@netual.pt \
    --cc=linux-admin@vger.kernel.org \
    --cc=thornton@yoyoweb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).