[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#122188: ssh: ssh should start earlier

Russell Coker <russell@coker.com.au> wrote:
> On Mon, 15 Sep 2003 12:00, Andrew Pimlott wrote:
>> I think this is basically a good idea.  My ideal would be for sshd
>> start early (as soon as /usr is mounted, before attempting to mount
>> other filesystems) with a minimal config that allows only root
>> logins, then restart later with the normal config.  This would be a
>> creat option to offer out-of-the-box, though I guess it would take a
>> little bit of juggling to get right.

> Having sshd allow root logins during the boot process when you don't
> allow such logins while the machine is fully operational seems like
> a bad idea.

> If allowing root logins is not considered to be a security problem
> then they should be allowed at all times.

They are.

Debian's "out-of-the-box" ssh config features PermitRootLogin yes,
therefore Andrew's suggestion boils down to "early ssh allows login
_only_ for root, restarted ssh allows login for all users, including
root" instead of "root" vs. "everbody but root" as you read it.
              cu andreas

Hey, da ist ein Ballonautomat auf der Toilette!
Unofficial _Debian-packages_ of latest unstable _tin_

Reply to: