Re: passwordless ssh root logins stopped working after testing dist-upgrade
On Tue, Apr 6, 2010 at 4:14 PM, Stephen Powell <firstname.lastname@example.org> wrote:
> On Tue, 6 Apr 2010 14:12:19 -0400 (EDT), Russell L. Carter wrote:
>> I dist-upgraded yesterday and ssh root logins started requiring a
> OK, I'll bite. Not that this is any of my business, but why do you
> allow *root* logins via *ssh* _without_ a password. Isn't that dangerous?
> At my shop, our policy is that root is not allowed to login via ssh
> at all. root can only login from the system console. To login as
> root via ssh, one must login as a normal user first, then su to root.
> But you not only allow root to login via ssh, you don't even require
> a password! That sounds like a security hole big enough to drive a
> tank through! Would you mind explaining why you do this?
What the PermitRootLogin without-password actually does is restrict
root login to key authentication only. This (imo), is more secure than
the default configuration as public keys are much more difficult to
bruteforce than passwords. Also, your typical botnet (based on my own
experiences/logs) is usually attempting to brute-force passwords.
Also, you can add a passphrase to your public key so that it requires
both a key and password. This also works with without-password but
will create issues when you have scripts that need to be able to
The sshd_config manpage does not do a very good job of explaining
this. Hope that clears up some confusion Stephen.