On 21.11.2014 at 08:11, P J P wrote:
> Sshd(8) daemon by default allows remote users to log in as root.
> - Is that really necessary?
> - A lot of users use their systems as root, without even creating a non-root user. Such practices need to be discouraged; not allowing remote root login could be useful in that.
> Does it make sense to disable remote root login by default? If so, do we need to just report it to the maintainer, or would it be treated as a feature?

normally, if you care for security, you disable password logins altogether, set up key authentication and "PermitRootLogin without-password"

many machines I maintain only have a root account for login. why? because they are servers for specific tasks and *any* non-root login would be followed by "su - root" anyway, and for automated rsync scripts backing up data only root has access to, you need it also

for all of that you need an initial ssh login in most cases (unless you work with a CD/DVD containing the key in case of a local install)
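
An added example, not part of the original mails: a small Python check that classifies how root may authenticate, based on the global section of an sshd_config. The function names, the assumed defaults and the sample text are constructed for illustration; keyboard-interactive authentication and Match blocks are not evaluated.

```python
import re

# "without-password" (used in the reply above) is the older spelling of
# "prohibit-password"; both mean root may log in, but not with a password.
ALIASES = {"without-password": "prohibit-password"}

# Assumption: values used when a keyword is absent. "yes" for PermitRootLogin
# matches the default described in the thread; newer OpenSSH releases differ.
DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}

# Constructed sample: the setup recommended in the reply.
SAMPLE_KEY_ONLY = """\
# constructed sample, not a real host's configuration
PasswordAuthentication no
PermitRootLogin without-password
"""


def global_settings(text):
    """Parse the global section; sshd keeps the first value seen per keyword."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # conditional blocks: out of scope
            break
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        found.setdefault(key, ALIASES.get(value, value))
    return {**DEFAULTS, **found}


def root_login_mode(text):
    """Classify root authentication under the global settings."""
    cfg = global_settings(text)
    permit = cfg["permitrootlogin"]
    if permit == "no":
        return "disabled"
    if permit == "forced-commands-only":
        return "key-with-forced-command"
    # Caveat: keyboard-interactive (PAM) prompts are not examined here.
    if permit == "prohibit-password" or cfg["passwordauthentication"] == "no":
        return "key-only"
    return "password-allowed"
```
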