About setting 'PermitRootLogin=no' in sshd_config

Milan Keršláger milan.kerslager at pslib.cz
Mon Jan 12 09:20:08 UTC 2015


>     Hello,
>
> Sshd(8) daemon by default allows remote users to login as root.
>
>   1. Is that really necessary?
>   2. A lot of users use their systems as root, without even creating a
>      non-root user.
>      Such practices need to be discouraged, not allowing remote root
>      login could be useful in that.
>
> Does it make sense to disable remote root login by default? If so, do
> we need to just report it to the maintainer or it would be treated as
> a feature?

This is generally a very bad idea, because this is NOT SECURE AT ALL.

1) If the problem is brute force attack (BF) against root account, this
solution will not prevent BF at all, because BF could be used against
other accounts too (it may not be so easy, but BF means to try all possible
solutions to find the correct one, so no change to BF here).
2) You have to fight BF attacks in general, which means using some kind
of wrapper to block unsuccessful logins, but this will raise a
security problem, because this wrapper could be vulnerable, i.e. may
contain some bug which could be a security disaster.
3) The previous solution with a wrapper could be solved by some kind of
script and touching iptables/tcp_wrapper, and this will not be a security
problem, so this is better than 2).
4) Blocking root access means forcing admins to log in as a normal user and
then do su/sudo and provide the root password, which is far less secure
than disabling root password authentication and allowing login to root with
an SSH key only, because a password could be easily stolen (the private key
is never sent to the net, so it is safer).
5) When a user provides login/password through ssh, ssh knows what's
going on, so there is padding (with nothing) included in the initial
network communication to prevent spoofing on how the password "sounds
like" (i.e. sniffing on password typing), but when the user is logged in,
ssh has no clue what is going on, so no padding could be inserted into
the network communication, and this is why there is a possibility to attack
(spoof) the password the user provides when doing su/sudo after a
successful login. See the SSH protocol explanation and a lot of very good
articles about this.
6) Because of all I wrote above, disabling root login is "Security through
obscurity" and THIS DOES NOT IMPROVE SECURITY! See
https://cs.wikipedia.org/wiki/Security_through_obscurity and 5) above.

There are possible solutions for this problem:

A) do not allow any SSH connection (the user should enable SSH on their own)
B) provide a good blocking script as in 3) above by default [there are
many out there]
C) do not allow the user to set a weak root password at all

As Fedora is focused on the desktop, I wonder why SSH is enabled by default.
RHEL/CentOS/SLES/whatever is focused on the server, and there it sounds
reasonable to me to allow SSH by default.

Yes, Debian/Ubuntu etc. disable root login by default but as I wrote,
this is not a security feature, it only provides a false feeling of security
and by nature it lowers security (see above). Please don't do the same
only because others do too. Don't think about making the computer more
secure while allowing the administrator to be stupid at the same time!

-- 
                            Milan Keršláger
                            http://www.pslib.cz/ke/
                            http://www.nti.tul.cz/wiki/Milan.Kerslager
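
Added example, not part of the original message: a small Python check for the setup point 4 describes (root over SSH with a key only, no password), which sshd_config expresses as PermitRootLogin without-password (prohibit-password in newer OpenSSH). The function names and the sample config are constructed for illustration; only the global section is read, so Match blocks and Include files are ignored.

```python
import re

# Constructed sample config for this example (not from the original message).
SAMPLE = """\
# global section
Port 22
permitrootlogin=without-password
PasswordAuthentication yes
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin no
"""

def global_settings(text):
    """Map lower-cased keyword -> value for the global section only.

    sshd keeps the first value it reads for a keyword, treats keywords as
    case-insensitive and accepts 'Keyword=value' as well as 'Keyword value'.
    Simplification: stop at the first Match block, do not follow Include.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"').lower()
        if key == "match":
            break
        settings.setdefault(key, value)  # first value wins
    return settings

def root_login_posture(text):
    """Classify how root may authenticate according to the global section."""
    s = global_settings(text)
    prl = s.get("permitrootlogin")
    if prl is None:
        return "unset"  # compiled-in default applies; it differs by version
    if prl in ("prohibit-password", "without-password"):
        return "key-only"  # the setup point 4 argues for
    if prl == "yes":
        # PasswordAuthentication defaults to yes when not set.
        if s.get("passwordauthentication", "yes") == "no":
            return "yes-passwords-off-globally"
        return "password-allowed"
    return {"no": "disabled"}.get(prl, prl)

if __name__ == "__main__":
    print(root_login_posture(SAMPLE))
```

The effective configuration of a running server, including Match blocks, can be compared against this with `sshd -T`.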

