
Re: PermitRootLogin enabled by default



Sebastian Rittau <srittau@jroger.in-berlin.de> writes:

> On Wed, Jun 26, 2002 at 02:11:00PM +0200, InfoEmergencias - Luis Gómez wrote:
> 
> > IMHO, we'd better set it to no. I always thought it was much better. Is
> > there any landscape in which you may want to allow direct root login to
> > your host?
> 
> Yes, there is. For example I have some servers that retrieve their user
> information from a database. If the database is not reachable, an
> ordinary user can't log in, but root can, since it's the only local
> account with login privileges.

Yes, this is an idea, along with simple backups (over scp/rsync, without
sudo server-side).

Doesn't sashroot also constitute uid-0 login and fall subject to the above?

> But then this is a special case that doesn't require root logins enabled
> by default. On the other hand I don't see why allowing direct root logins
> is a problem.

Having `PermitRootLogin yes' gives someone a known username to brute-force.

Fortunately, sshd_config(5) to the rescue, here:

 |  PermitRootLogin
 |     Specifies whether root can login using ssh(1). The argument
 |     must be ``yes'', ``without-password'',
 |     ``forced-commands-only'' or ``no''. The default is ``yes''.

For potentially-interactive purposes (rescuing a remote server), I'd go
with without-password; if you know that root coming in via this access
means is only going to want to run one command (eg for backup purposes when
you have console access a matter of metres away) then you can afford the
extra security of a forced-commands-only approach[0].

[0] Note FWIW that this is not "you asked for the wrong command, so I'll do
nothing"; it's "no matter what you asked, I'm going to do <Foo>" as
specified in the cmd= restriction...

~Tim
-- 
<http://spodzone.org.uk/>
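As an added illustration of the two points Tim makes above (the setting to audit, and what a forced command looks like in practice), here is a small POSIX shell script that is not part of the original post or of OpenSSH. It reads the effective PermitRootLogin value out of an sshd_config, classifies it along the lines of the man page excerpt quoted above, and emits an authorized_keys line using the `command=` option of sshd(8), which is the "cmd=" restriction the footnote refers to. The sample config and the public key string are constructed placeholders; the `prohibit-password` value is a later OpenSSH alias for `without-password` and does not appear on the page.

```shell
#!/bin/sh
# Added example (not from the original post): audit PermitRootLogin and
# build a forced-command authorized_keys entry.

# Constructed sshd_config excerpt; the commented-out line must be ignored.
SAMPLE_CONFIG='# constructed sshd_config excerpt for the example
Port 22
#PermitRootLogin yes
PermitRootLogin without-password
PasswordAuthentication yes'

# Constructed placeholder key; not a real public key.
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAA-PLACEHOLDER-NOT-A-REAL-KEY backup@example'

# permit_root_login_value FILE
# Prints the effective PermitRootLogin value. sshd honours the first
# uncommented occurrence of a keyword (keywords are case-insensitive),
# so commented lines are skipped. If the keyword is absent, the default
# quoted in the post's man page excerpt ("yes") applies.
permit_root_login_value() {
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    printf '%s\n' "${val:-yes}"
}

# classify_root_login VALUE
# Maps the setting to the exposure it implies: "yes" leaves a known
# username open to password guessing; the key-only and forced-command
# modes remove the password path; "no" removes root over ssh entirely.
classify_root_login() {
    case "$1" in
        yes)                               echo "password-brute-forceable" ;;
        without-password|prohibit-password) echo "key-only" ;;
        forced-commands-only)              echo "forced-command" ;;
        no)                                echo "disabled" ;;
        *)                                 echo "unknown" ;;
    esac
}

# forced_command_key COMMAND PUBKEY
# Emits an authorized_keys line whose command= option makes sshd run
# COMMAND no matter what the client requested, plus the usual options
# that stop the key from being used for forwarding or an interactive PTY.
forced_command_key() {
    printf 'command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$1" "$2"
}

# Stand-alone usage: audit the constructed config, then print a key entry
# that only ever runs an rsync server for a backup pull.
if [ "${0##*/}" = "permitrootlogin_audit.sh" ]; then
    cfg=$(mktemp)
    printf '%s\n' "$SAMPLE_CONFIG" > "$cfg"
    setting=$(permit_root_login_value "$cfg")
    echo "PermitRootLogin is '$setting' ($(classify_root_login "$setting"))"
    forced_command_key "rsync --server --sender -logDtpre.iLs . /srv/data" "$SAMPLE_PUBKEY"
    rm -f "$cfg"
fi
```

With `PermitRootLogin forced-commands-only` on the server, only keys carrying a `command=` option can log in as root at all, which is the property the footnote describes: the client's requested command is discarded and the configured one runs instead.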

