Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

To: debian-user@lists.debian.org
Subject: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
From: <tomas@tuxteam.de>
Date: Wed, 17 Feb 2016 15:59:35 +0100
Message-id: <[🔎] 20160217145935.GA3028@tuxteam.de>
In-reply-to: <[🔎] 56C49124.6070906@ludikovsky.name>
References: <[🔎] CAFMGiz9e10ugawRLti+SGjfZu4XHHXZKkG=n0mcR6XniPRvp5Q@mail.gmail.com> <[🔎] 56C4826B.2080108@ludikovsky.name> <[🔎] CAFMGiz9UnLLgsrQnq7rsE4+wCDp1kD9H2HjEiVuP-Qpn5U4Jqg@mail.gmail.com> <[🔎] 56C49124.6070906@ludikovsky.name>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Feb 17, 2016 at 04:26:28PM +0100, Peter Ludikovsky wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> More or less. What I wouldn't agree with is locking the root account
> completely, because, like Thomas said, you'll be locked out should you
> ever be dropped to a rescue shell due to an hardware error.

There are ways around it. For example, you can specify /bin/sh (or bash)
as init. Or you can boot from a rescue system on another medium.

My point was: you *should* know that (and perhaps have given it a dry
run) before disabling root login. When trouble hits it's too late,
because you don't know how to deal with init=/bin/sh or you haven't that
rescue medium conveniently around :-)

regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlbEitcACgkQBcgs9XrR2kbTaACeKVNQ1Zk/Pv89pIomKF7G39yJ
uc0AnAigC8J7Fougjj8IEZXx1YpcRf7t
=DDfS
-----END PGP SIGNATURE-----

Reply to:

References:
- Debian security: need recipe for blocking root ssh access AND all ssh password access
  - From: Tom Browder <tom.browder@gmail.com>
- Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
  - From: Peter Ludikovsky <peter@ludikovsky.name>
- Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
  - From: Tom Browder <tom.browder@gmail.com>
- Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
  - From: Peter Ludikovsky <peter@ludikovsky.name>

Prev by Date: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
Next by Date: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
Previous by thread: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
Next by thread: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
Index(es):
- Date
- Thread