Re: Bug#122188: ssh: ssh should start earlier

[Andreas Metzler <ametzler@downhill.at.eu.org>]

Russell Coker <russell@coker.com.au> wrote:
> On Mon, 15 Sep 2003 12:00, Andrew Pimlott wrote:
>> I think this is basically a good idea.  My ideal would be for sshd
>> start early (as soon as /usr is mounted, before attempting to mount
>> other filesystems) with a minimal config that allows only root
>> logins, then restart later with the normal config.  This would be a
>> creat option to offer out-of-the-box, though I guess it would take a
>> little bit of juggling to get right.

> Having sshd allow root logins during the boot process when you don't
> allow such logins while the machine is fully operational seems like
> a bad idea.

> If allowing root logins is not considered to be a security problem
> then they should be allowed at all times.
[...]

They are.

Debian's "out-of-the-box" ssh config features PermitRootLogin yes,
therefore Andrew's suggestion boils down to "early ssh allows login
_only_ for root, restarted ssh allows login for all users, including
root" instead of "root" vs. "everbody but root" as you read it.
              cu andreas



-- 
Hey, da ist ein Ballonautomat auf der Toilette!
Unofficial _Debian-packages_ of latest unstable _tin_
http://www.logic.univie.ac.at/~ametzler/debian/tin-snapshot/