Abotu setting 'PermitRootLogin=no' in sshd_config

Reindl Harald h.reindl at thelounge.net
Fri Nov 21 08:42:52 UTC 2014

Am 21.11.2014 um 08:11 schrieb P J P:
> Sshd(8) daemon by default allows remote users to login as root.
>    1. Is that really necessary?
>    2. Lot of users use their systems as root, without even creating a non-root user.
>       Such practices need to be discouraged, not allowing remote root login could be
>       useful in that.
> Does it make sense to disable remote root login by default? If so, do we need to just report it to the maintainer or it would be treated as a feature?

normally if you care for security you disable password logins at all, 
setup key-authentication and "PermitRootLogin without-password"

many machines i maintain only have a root account for login
why? because they are servers for specific tasks and *any* non-root 
login would be followed by "su - root" anyways and for automated rsync 
scripts backing up data only root has access you need it also

for all of that you need a initial ssh login in most cases (except you 
work with a CD/DVD containing the key in case of a local install)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141121/a741f0f2/attachment-0001.sig>

More information about the devel mailing list