Re: PermitRootLogin enabled by default
On Wed, Jun 26, 2002 at 02:11:00PM +0200, InfoEmergencias - Luis Gómez wrote:
> Hi all
>
> Messing up with sshd_config for all the privsep stuff, I've noticed that
> PermitRootLogin was set to yes in my three woody boxes. I usually
> consider this a problem (although it has been my fault - i should have
> checked and noticed this much time ago). What do you think of this?
>
> IMHO, we'd better set it to no. I always thought it was much better. Is
> there any landscape in which you may want to allow direct root login to
> your host?
Not IMO.
I thank my lucky stars every day that it was decided to allow root logins by
default.
I have 194 Debian boxes to look after. I have ssh identity keys setup.
I can't go login to every box individually and run sudo or su every time I want
to change something.
I need to automate it, and I need to touch them all at once.
If it did default to off then I would have to carefully change that
every single time I upgrade ssh packages, or roll my own ssh packages.
Allowing root logins is such a huge convenience when you have many
machines that its really a must.
And when you only have a few machines its easy enough to go to each
one and disable it.
--
-tcole
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: