Abotu setting 'PermitRootLogin=no' in sshd_config
Reindl Harald
h.reindl at thelounge.net
Fri Nov 21 08:42:52 UTC 2014
Am 21.11.2014 um 08:11 schrieb P J P:
> Sshd(8) daemon by default allows remote users to login as root.
>
> 1. Is that really necessary?
> 2. Lot of users use their systems as root, without even creating a non-root user.
> Such practices need to be discouraged, not allowing remote root login could be
> useful in that.
>
> Does it make sense to disable remote root login by default? If so, do we need to just report it to the maintainer or it would be treated as a feature?
normally if you care for security you disable password logins at all,
setup key-authentication and "PermitRootLogin without-password"
many machines i maintain only have a root account for login
why? because they are servers for specific tasks and *any* non-root
login would be followed by "su - root" anyways and for automated rsync
scripts backing up data only root has access you need it also
for all of that you need a initial ssh login in most cases (except you
work with a CD/DVD containing the key in case of a local install)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141121/a741f0f2/attachment-0001.sig>
More information about the devel
mailing list