Re: PermitRootLogin enabled by default

["Derek J. Balling" <dredd@megacity.org>]

> On Wed, Jun 26, 2002 at 04:05:58PM +0200, Christoph Ulrich Scholler wrote:
>
> >  On Wed, Jun 26, 2002 at 02:11:00PM +0200 or thereabouts,
> > InfoEmergencias - Luis Gómez wrote:
> >  > Messing up with sshd_config for all the privsep stuff, I've noticed that
> >  > PermitRootLogin was set to yes in my three woody boxes. I usually
> >  > consider this a problem (although it has been my fault - i should have
> >  > checked and noticed this much time ago). What do you think of this?
> >
> >  disallowing direct root logins via ssh provides for auditing.  you will
> >  always know which user became root.  this is why i keep PermitRootLogin
> >  turned off.
>
> Right, unless you actually want to use keys, which is the whole point.
> Just up the logging level and it will say which keys are logging in, and
> then you'll never have to transmit your root password to the server.
>
> Using "su root" later is worse than just logging in as root with a key.

I don't know if I agree with that but if even if I grant you that for
the sake of the argument, the sudo package is your friend.
--

+---------------------+-----------------------------------------+
| dredd@megacity.org  | "Thou art the ruins of the noblest man  |
|  Derek J. Balling   |  That ever lived in the tide of times.  |
|                     |  Woe to the hand that shed this costly  |
|                     |  blood" - Julius Caesar Act 3, Scene 1  |
+---------------------+-----------------------------------------+


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org