
Re: Root SSH permitted by default (was: how does root run a graphical prog)



On Mon, 2002-05-20 at 15:37, Jamin W.Collins wrote:
> On Mon, 20 May 2002 20:26:11 +0100
> "Colin Watson" <cjwatson@debian.org> wrote:
> 
> > Like the document says, regularly su'ing to root from an account makes
> > compromising that account essentially equivalent to compromising root
> > anyway. I don't see a problem with the default configuration, and nor do
> > OpenSSH upstream.
> 
> Good security is layered. Because a normal account could be compromised
> and su'ing to root accomplished doesn't mean that it should be made easier
> for a cracker by allowing direct root logins.  Additionally, the default
> Debian ssh config allows for password authentication.  This is definitely
> a bad idea.
> 
> The defaults for most other settings show a desire to make the
> installation more secure.  It really doesn't make sense (at least not to
> me) to tighten up other defaults but just leave the key in the lock on
> these two.

While I can see both sides of this argument, it seems to me that anyone
who is knowledgeable enough to understand and accept the dangers of
allowing root to ssh is knowledgeable enough to change the default. 
However, a great many people don't know enough to understand the dangers
and probably wouldn't know how to go about changing the default if they
don't need that capability.  I gotta agree with you here; always err on
the side of security.
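
An added example, not part of the original message and not Debian's or OpenSSH's own tooling: a shell check for the two settings debated above, direct root login and password authentication. It assumes the standard sshd_config keywords PermitRootLogin and PasswordAuthentication, whitespace-separated keyword/value pairs, and no Include files; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Print the first global value of keyword $2 in config file $1.
# sshd uses the first occurrence of a keyword, and keywords are
# case-insensitive. Lines after a "Match" line are conditional,
# so the scan stops there.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Print one finding per line; return 1 if either setting needs attention.
audit_sshd() {
    cfg=$1; rc=0
    root=$(sshd_value "$cfg" PermitRootLogin)
    pass=$(sshd_value "$cfg" PasswordAuthentication)
    case "$root" in
        no) echo "OK   PermitRootLogin no" ;;
        "") echo "WARN PermitRootLogin unset, compiled-in default applies"; rc=1 ;;
        *)  echo "WARN PermitRootLogin $root"; rc=1 ;;
    esac
    case "$pass" in
        no) echo "OK   PasswordAuthentication no" ;;
        "") echo "WARN PasswordAuthentication unset, compiled-in default applies"; rc=1 ;;
        *)  echo "WARN PasswordAuthentication $pass"; rc=1 ;;
    esac
    return $rc
}

# Demo on a constructed file that mirrors the defaults described in the thread.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
# constructed sample, not a real host's configuration
PermitRootLogin yes
PasswordAuthentication yes
EOF
audit_sshd "$tmp" || true
rm -f "$tmp"
```

On a real host, point `audit_sshd` at `/etc/ssh/sshd_config`; an unset keyword is reported rather than guessed, because the compiled-in default depends on the OpenSSH version.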

