[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PermitRootLogin enabled by default

On Wed, Jun 26, 2002 at 04:05:58PM +0200, Christoph Ulrich Scholler wrote:

> On Wed, Jun 26, 2002 at 02:11:00PM +0200 or thereabouts, InfoEmergencias - Luis Gómez wrote:
> > Messing up with sshd_config for all the privsep stuff, I've noticed that
> > PermitRootLogin was set to yes in my three woody boxes. I usually
> > consider this a problem (although it has been my fault - i should have
> > checked and noticed this much time ago). What do you think of this?
> 
> disallowing direct root logins via ssh provides for auditing.  you will
> always know which user became root.  this is why i keep PermitRootLogin
> turned off.

Right, unless you actually want to use keys, which is the whole point. 
Just up the logging level and it will say which keys are logging in, and
then you'll never have to transmit your root password to the server.

Using "su root" later is worse than just logging in as root with a key.

Simon-

[        Simon Kirby        ][        Network Operations        ]
[     sim@netnation.com     ][     NetNation Communications     ]
[  Opinions expressed are not necessarily those of my employer. ]


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: