You might consider using groups for access control so that you need not use root for file transfers.
Another possibility to consider, if root is needed, is to re-enable root login but disable passwords, and use public key authentication instead. In sshd_config(5) use (only the highlighted line is not a default):
Code:
PermitRootLogin yes
PasswordAuthentication no
PubkeyAuthentication yes
If you've never used public key authentication before, here's a simple level-set:
Code:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tester/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/tester/.ssh/id_rsa.
Your public key has been saved in /home/tester/.ssh/id_rsa.pub.
The key fingerprint is:
3a:ca:80:b4:10:c5:ab:6a:ae:3e:3e:25:28:7f:5f:61 tester@jggimi.homeip.net
The key pair is tied together: a private half and a public half. The private half is kept private. The public half of a key pair may be sent via e-mail, or published on a website. You send the public half (id_rsa.pub) to the system you want to be able to log on to; it gets appended to $HOME/.ssh/authorized_keys.
To connect between servers, no passphrase is used. When humans use keys for authentication, it is recommended to use passphrases. The best practice for authentication is to require two components -- something the user has (the private key, a token, a fingerprint) and something the user knows (a passphrase or password).
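
A check for the three sshd_config settings above, as an added example that is not part of the original post. The function names and sample configurations are constructed for illustration; the point it shows is that sshd keeps the first value it reads for a keyword, so a "PasswordAuthentication no" placed after an earlier "yes" has no effect.

```sh
#!/bin/sh
# Added example. sshd keeps the FIRST value it reads for a keyword, so a
# later duplicate line does not override an earlier one.

# first_value KEYWORD FILE DEFAULT: print the effective global value.
# Assumes "Keyword value" syntax; Match blocks are not evaluated.
first_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/#.*/, "") }                  # drop comments
        NF == 0 { next }                    # skip blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$2"
}

# audit_key_only FILE: return 0 only if passwords are off and keys are on.
audit_key_only() {
    rc=0
    pw=$(first_value PasswordAuthentication "$1" yes)  # OpenSSH default: yes
    pk=$(first_value PubkeyAuthentication "$1" yes)    # OpenSSH default: yes
    root=$(first_value PermitRootLogin "$1" unset)     # default varies by release
    [ "$pw" = no ]  || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    echo "INFO PermitRootLogin=$root"
    return "$rc"
}

# Constructed sample matching the three lines in the post.
sample_good() {
    printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
        'PasswordAuthentication no' 'PubkeyAuthentication yes'
}

# Constructed sample: the trailing "no" is shadowed by the earlier "yes".
sample_shadowed() {
    printf '%s\n' 'PermitRootLogin yes' 'passwordauthentication yes' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no'
}

# Demo run over the shadowed sample; prints the FAIL line.
tmp=$(mktemp)
sample_shadowed > "$tmp"
audit_key_only "$tmp" || true
rm -f "$tmp"
```

On a live host, `sshd -T` run as root prints the configuration the daemon actually resolves, which is the authoritative check.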