
Re: Why Disable Root ssh login?



On Fri, 2006-12-15 at 01:45 -0500, Grok Mogger wrote:
> I've often seen this touted as a good security measure and I've 
> always wondered why.  I can think of a few possibilities, but I 
> really don't know.  Could someone please explain it to me?
> 
> Thanks,
> - GM

Think of a username and password as a lock and a key. You can't open the
lock without a key, finding a key is useless as it could open an
infinite number of locks.

So, guessing a username is half the battle, guessing the password is the
other half. That is last century thinking, we can now also help make
sure keys only work in certain locks if used by certain people.

If "root" is not a lock someone can touch, it becomes impossible to
pick. Disabling direct root login helps put an extra layer around it.

Leaving root enabled via SSH, you're doing half of the hacker's work for
them.

It also (as others point out) allows better auditing and tracking of who
used the root account, from where, and when. If everyone who had the
need for root access simply "shared" the same root login, accountability
becomes much more difficult to expect.

(Just) password authentication is antiquated. There are three ways to
identify yourself to something else:

1 - Who you are (username)
2 - What you know or have (password or keyfile)
3 - What you are (biometric) Or in some cases (limited) Your IP/PTR

It's better to use SSH key pairing and authenticate using all 3, rather
than just 1 and 2. Or, limit access on your SSH port (hopefully not on
the default port 22) to only a few certain IPs, IPs in a certain CIDR
block, or matching a certain domain PTR.

It's very hard to get people to institute good, paranoid security because
it becomes cumbersome for average users. Average users don't need root
access via SSH, therefore failing to properly secure SSH is just lazy :)

Best,
-Tim
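
Added example, not part of the message above: a small Python check of the global section of an sshd_config for the measures the reply recommends (no direct root login, no password-only authentication, per-user source restrictions). The sample config and the function names are constructed for illustration; PermitRootLogin, PasswordAuthentication and AllowUsers are standard OpenSSH sshd_config keywords.

```python
import re

# Constructed sshd_config text for illustration; not taken from the thread.
SAMPLE = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
AllowUsers alice@192.0.2.* bob
Match Address 192.0.2.0/24
    PermitRootLogin no
"""

def global_settings(text):
    """Parse the global section (everything before the first Match block)."""
    seen, allow = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break                        # per-connection overrides are out of scope here
        if key == "allowusers":
            allow += value.split()       # collect patterns from every AllowUsers line
        else:
            seen.setdefault(key, value)  # sshd keeps the first value it reads
    return seen, allow

def audit(text):
    """Return (check, detail) findings for the points raised in the message."""
    seen, allow = global_settings(text)
    findings = []
    root = seen.get("permitrootlogin")
    if root is None:
        findings.append(("root-login", "PermitRootLogin not set; compiled-in default applies"))
    elif root.lower() != "no":
        findings.append(("root-login", f"PermitRootLogin {root}"))
    if seen.get("passwordauthentication", "unset").lower() != "no":
        findings.append(("password-auth", "password logins not explicitly disabled"))
    open_users = [p for p in allow if "@" not in p]
    if not allow:
        findings.append(("source-limit", "no AllowUsers list"))
    elif open_users:
        findings.append(("source-limit", "no host pattern for: " + ", ".join(open_users)))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```

The check reads only the global section, so a Match block that loosens a setting for some connections still needs a manual look.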


