On Wed,06.May.09, 10:06:58, Dr. Harry Knitter wrote:
> PermitRootLogin
>
> is set to no by default.

Actually, it isn't:

,----[ /usr/share/doc/openssh-server/README.Debian.gz ]
| PermitRootLogin set to yes
| --------------------------
|
| This is now the default setting (in line with upstream), and people
| who asked for an automatically-generated configuration file when
| upgrading from potato (or on a new install) will have this setting in
| their /etc/ssh/sshd_config file.
`----

> It should stay that way, too, at least as long as authentication by
> password is possible and is not done via keys.

and further:

,----[ /usr/share/doc/openssh-server/README.Debian.gz ]
| Having PermitRootLogin set to yes means that an attacker that knows
| the root password can ssh in directly (without having to go via a user
| account). If you set it to no, then they must compromise a normal user
| account. In the vast majority of cases, this does not give added
| security; remember that any account you su to root from is equivalent
| to root - compromising this account gives an attacker access to root
| easily. If you only ever log in as root from the physical console,
| then you probably want to set this value to no.
`----

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
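Added example (not part of the original message or of the Debian README): a small Python check of the point under discussion, namely whether a given sshd_config lets root log in directly with a password. It assumes a PAM-based system, does not evaluate Match blocks or Include files, and falls back to PermitRootLogin yes when the keyword is absent, as the quoted README states; the function names and sample configurations are constructed for illustration.

```python
# Values used when a keyword is absent from the file (assumptions).
# PermitRootLogin "yes" is the default described in the README quoted above;
# the other three are upstream OpenSSH defaults. Adjust for the release audited.
DEFAULTS = {
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "usepam": "no",
}
# Deprecated spelling that sshd treats as the same keyword.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text, defaults=DEFAULTS):
    """Global settings as sshd reads them: the first value for a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if len(fields) < 2:
            continue  # blank line, comment, or keyword without a value
        key = ALIASES.get(fields[0].lower(), fields[0].lower())
        if key == "match":  # conditional blocks are not evaluated here
            break
        seen.setdefault(key, fields[1].strip('"').lower())
    return {**defaults, **seen}


def root_login_exposure(config_text, defaults=DEFAULTS):
    """Classify direct root login as 'password', 'non-password' or 'none'."""
    s = effective_settings(config_text, defaults)
    root = s["permitrootlogin"]
    if root == "no":
        return "none"
    # With PAM, keyboard-interactive is a second way to present a password.
    password_path = s["passwordauthentication"] == "yes" or (
        s["kbdinteractiveauthentication"] == "yes" and s["usepam"] == "yes"
    )
    if root == "yes" and password_path:
        return "password"
    return "non-password"  # e.g. prohibit-password, or all password paths off


# Constructed sample configurations, not taken from any real host.
AS_IN_README = "PermitRootLogin yes\n"
KEYS_ONLY = ("PasswordAuthentication no\nChallengeResponseAuthentication no\n"
             "PermitRootLogin yes\nUsePAM yes\n")
DUPLICATE = "PermitRootLogin no\nPermitRootLogin yes\n"
```

Turning off PasswordAuthentication alone while UsePAM and keyboard-interactive stay enabled still classifies as "password", which is the case most easily overlooked when switching root to keys.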