[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSHd User root not allowed DenyUsers



On Wed,06.May.09, 10:06:58, Dr. Harry Knitter wrote:
 
> PermitRootLogin
> 
> steht standardmäßig auf no.

Eigentlich nicht:

,----[ /usr/share/doc/openssh-server/README.Debian.gz ]
| PermitRootLogin set to yes
| --------------------------
|
| This is now the default setting (in line with upstream), and people
| who asked for an automatically-generated configuration file when
| upgrading from potato (or on a new install) will have this setting in
| their /etc/ssh/sshd_config file. 
`----

> Das sollte auch so bleiben, zumindest solange die Authentifizierung mittels 
> Passwort möglich ist und nicht über Schlüssel erfolgt.

und weiter:

,----[ /usr/share/doc/openssh-server/README.Debian.gz ]
| Having PermitRootLogin set to yes means that an attacker that knows
| the root password can ssh in directly (without having to go via a user
| account). If you set it to no, then they must compromise a normal user
| account. In the vast majority of cases, this does not give added
| security; remember that any account you su to root from is equivalent
| to root - compromising this account gives an attacker access to root
| easily. If you only ever log in as root from the physical console,
| then you probably want to set this value to no.
`----

Grüsse,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)

Attachment: signature.asc
Description: Digital signature


Reply to: