
Re: Root SSH permitted by default (was: how does root run a graphical prog)



On Mon, 20 May 2002 20:26:11 +0100
"Colin Watson" <cjwatson@debian.org> wrote:

> Like the document says, regularly su'ing to root from an account makes
> compromising that account essentially equivalent to compromising root
> anyway. I don't see a problem with the default configuration, and nor do
> OpenSSH upstream.

Good security is layered. Because a normal account could be compromised
and su'ing to root accomplished doesn't mean that it should be made easier
for a cracker by allowing direct root logins.  Additionally, the default
Debian ssh config allows for password authentication.  This is definitely
a bad idea.

The defaults for most other settings show a desire to make the
installation more secure.  It really doesn't make sense (at least not to
me) to tighten up other defaults but just leave the key in the lock on
these two.

> I can safely say that this is a pointless discussion; I know the
> maintainer, and he's not going to change his mind. If you disagree,
> you're free to change the configuration for yourself.

I have on all of my systems, as soon as they were installed.  However, it
would be nice to know the reasoning behind this default configuration.

-- 
Jamin W. Collins
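
An added example, not part of the original message or of Debian's or OpenSSH's code: a small auditor for the two `sshd_config` settings the message objects to. It relies on two documented `sshd_config` behaviours: for each keyword the first value obtained is used, and `Match` blocks override the global section. The sample file, the `audit` function name and the "both must be `no`" policy are assumptions made for illustration.

```python
# Added example. SAMPLE is a constructed file, not any distribution's shipped config.
SAMPLE = """\
# constructed sample sshd_config
Port 22
permitrootlogin yes
PasswordAuthentication no
# The next line is ignored by sshd: the first value obtained for a keyword wins.
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
"""

# Assumed policy, following the message's argument: both settings must be "no".
WATCHED = ("permitrootlogin", "passwordauthentication")


def audit(text):
    """Return (scope, keyword, value) for every watched setting that is not 'no'."""
    findings, seen, scope = [], set(), "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()            # keywords are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if keyword == "match":
            scope = "Match " + value           # following lines are conditional
            continue
        if keyword not in WATCHED or (scope, keyword) in seen:
            continue                           # later duplicates never take effect
        seen.add((scope, keyword))
        if value != "no":
            findings.append((scope, keyword, value))
    # A keyword missing from the global section falls back to the built-in
    # default, which depends on the OpenSSH build, so report it for review.
    for keyword in WATCHED:
        if ("global", keyword) not in seen:
            findings.append(("global", keyword, "<unset: built-in default applies>"))
    return findings


if __name__ == "__main__":
    for scope, keyword, value in audit(SAMPLE):
        print(f"{scope}: {keyword} = {value}")
```

The parser does not follow `Include` directives; on a live host, `sshd -T` prints the effective configuration as the daemon itself computes it.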

