
Re: PermitRootLogin enabled by default



I tend to set it to "without-password" to allow a remote root entry only
via RSA/DSA keys, also making sure to restrict it further with as many
applicable options for "AuthorizedKeysFile" ( man sshd )

This is done as a restricted remote root backdoor as well as automated
network backups via dump & restore.

Leaving it set to yes is just an invitation for people to brute force the
root password.

-- Steve


On 26 Jun 2002, InfoEmergencias - Luis Gómez wrote:

> Hi all
>
> Messing up with sshd_config for all the privsep stuff, I've noticed that
> PermitRootLogin was set to yes in my three woody boxes. I usually
> consider this a problem (although it has been my fault - I should have
> checked and noticed this much time ago). What do you think of this?
>
> IMHO, we'd better set it to no. I always thought it was much better. Is
> there any landscape in which you may want to allow direct root login to
> your host?
>
> Regards,
>
> 	Luis
>
> --
> Luis Gómez Miralles
> InfoEmergencias - Technical Department
> Phone (+34) 654 24 01 34
> Fax (+34) 963 49 31 80
> lgomez@infoemergencias.com
>
> PGP Public Key available at http://www.infoemergencias.com/lgomez.asc
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>



[-] Steve Mickeler [ steve@neptune.ca ]

[|] Todays root password is brought to you by /dev/random

[+] 1024D/ACB58D4F = 0227 164B D680 9E13 9168  AE28 843F 57D7 ACB5 8D4F
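
The setup described in the reply above (key-only root login plus per-key restrictions) can be checked mechanically. The following is an added example, not code from the thread or from OpenSSH: the function names and the sample config and key lines are constructed for illustration, and it only looks at the global section of sshd_config, stopping at the first Match block.

```python
RESTRICTING = {"from", "command", "restrict", "no-pty", "no-port-forwarding",
               "no-agent-forwarding", "no-x11-forwarding"}
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")  # not exhaustive

def permit_root_login(config_text):
    """Global PermitRootLogin value (lowercased) or None; sshd keeps the first value it reads."""
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":      # conditional blocks are out of scope here
            break
        if parts[0].lower() == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return None

def key_options(entry):
    """Names of the options that precede the key type in one authorized_keys entry."""
    if entry.startswith(KEY_TYPES):
        return []
    names, current, quoted, prev = [], "", False, ""
    for ch in entry:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        elif not quoted and ch in ", \t":
            names.append(current.split("=", 1)[0].lower())
            current = ""
            if ch != ",":
                break                        # unquoted whitespace ends the options field
            prev = ch
            continue
        current += ch
        prev = ch
    return names

def audit(config_text, root_keys_text):
    """List findings for the sshd_config text and root's authorized_keys text."""
    findings = []
    value = permit_root_login(config_text)
    if value == "yes":
        findings.append("PermitRootLogin yes: password login as root is not ruled out")
    elif value is None:
        findings.append("PermitRootLogin unset: the compiled-in default applies")
    if value != "no":
        for n, entry in enumerate(root_keys_text.splitlines(), 1):
            entry = entry.strip()
            if entry and not entry.startswith("#") and not RESTRICTING & set(key_options(entry)):
                findings.append(f"authorized_keys line {n}: key carries no restricting option")
    return findings

# Constructed sample input, not taken from the thread.
SAMPLE_CONFIG = "# constructed\nProtocol 2\nPermitRootLogin without-password\n"
SAMPLE_KEYS = ('from="192.0.2.10",command="/sbin/dump -0uf - /home",no-pty ssh-rsa AAAAB3placeholder backup@example\n'
               "ssh-dss AAAAB3placeholder admin@example\n")
```

Calling `audit(SAMPLE_CONFIG, SAMPLE_KEYS)` flags only the second key, which has no `from=`, `command=` or other restriction in front of it.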

