Re: Why Disable Root ssh login?

To: Grok Mogger <linuximp@gmail.com>
Cc: List Debian User <debian-user@lists.debian.org>
Subject: Re: Why Disable Root ssh login?
From: Erik Persson <erik-maillist@djingis.se>
Date: Fri, 15 Dec 2006 16:04:50 +0100
Message-id: <[🔎] 4582B992.9050509@djingis.se>
In-reply-to: <[🔎] 45824494.4090904@gmail.com>
References: <[🔎] 45824494.4090904@gmail.com>

Grok Mogger wrote:

I've often seen this touted as a good security measure and I've alwayswondered why. I can think of a few possibilities, but I really don'tknow. Could someone please explain it to me?
Thanks,
- GM

1. When a hacker tries to attack a site he (or she) has to guess 2separate strings - the username and the password. The former is ofteneasier to guess and is not as well guarded. There is however a bit ofguessing involved in finding a username. For root this is not the case.You don't have to guess the username "root" - it's always there. If youlook in your logs you'll find that username guessing is not all trivial.There's another important aspect as well: the number of users that areallowed external access. The more users, the easier it is to find auser/password combination that works. (Think of the username/passwordcombination as one string with a newline somewhere in it. As the numberof strings increase it will get easier to "guess" or brute force attackthem). If you regard the root/password as one string the first 5 lettersin the string are given - "root" and the newline. The amount of guessingis thus reduced compared to a situation where "root" is not allowed.

See 5 below as well.

2. If someone should get access to the computer as an ordinary user, youknow that the possible amount of damage to the system is lower than ifsomeone got root access. This means that you should do more to limit thepossibility to get root access.

3. There is a practical side to the problem as well. There are noreasons for anyone to have external root access, but often you want yourcomputer to be reachable from outside for some users (is there no needfor this, you should disable external access for all users, and youshould always allow external access only to users in need of it). Thereason is stated above.

4. Hackers are more interested in getting root access than ordinary useraccess as well.

5. To get root access to a computer were ssh to root etc is disallowed,the hacker has to guess 3 different strings. The username/password fora user as well as the password for root. This is obviously harder thanguessing only the root password. Comparing to external root access thismeans the hacker has to guess 2 more strings when external root accessis disallowed!


All together this means you shouldn't allow external root access.

/Erik

Reply to:

Follow-Ups:
- Re: Why Disable Root ssh login?
  - From: Michelle Konzack <linux4michelle@freenet.de>

References:
- Why Disable Root ssh login?
  - From: Grok Mogger <linuximp@gmail.com>

Prev by Date: Re: Why Disable Root ssh login?
Next by Date: Re: flashplayer9?
Previous by thread: Re: Why Disable Root ssh login?
Next by thread: Re: Why Disable Root ssh login?
Index(es):
- Date
- Thread