About setting 'PermitRootLogin=no' in sshd_config

Reindl Harald h.reindl at thelounge.net
Fri Nov 21 11:05:24 UTC 2014


On 21.11.2014 at 11:55, Roberto Ragusa wrote:
> On 11/21/2014 09:42 AM, Reindl Harald wrote:
>
>> why? because they are servers for specific tasks and *any* non-root login would be followed by "su - root" anyways and for automated rsync scripts backing up data only root has access you need it also
>
> For rsync-as-root use cases my usual approach is to create another
> account with userid=0 and login with ssh on this account.
> It is not root, but it has the same powers (because the numeric uid is the only
> thing that really matters).
>
> Just wanted to share the trick

thanks, but that would alert in lynis checks

"PermitRootLogin without-password" after setup key-authentication should 
be the first action anyways - however i am neutral to any default here 
since on physical machines no problem and most remote machines are setup 
as virtual machine and so "local access"

the only important thing is to *really* make sure that there was a 
different account created - otherwise it could lead to a locked out 
installation in case of network setup after the first boot
______________________________________________________________

Lynis:

[+] Users, Groups and Authentication
------------------------------------
   - Search administrator accounts                             [ OK ]
   - Checking for non-unique UIDs                              [ OK ]
   - Checking consistency of group files (grpck)               [ OK ]
   - Checking non unique group ID's                            [ OK ]
   - Checking non unique group names                           [ OK ]
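
The two points in this message, checked in code: a second uid 0 account shows up as a non-unique UID, and turning root login off with no other login account risks a lock-out. This is an added example, not part of the original post or of Lynis; the sample account names, the UID_MIN value and the no-login shell list are assumptions, and Match blocks in sshd_config are not evaluated.

```python
# Constructed sample inputs (not taken from any real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
rsyncbk:x:0:0:backup alias:/root:/bin/bash
"""
SAMPLE_SSHD = "# constructed fragment\nPort 22\nPermitRootLogin=no\n"

NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed list
UID_MIN = 1000  # assumption: first regular-user UID, as on current Fedora

def parse_passwd(text):
    """Return (name, uid, shell) for each well-formed passwd line."""
    rows = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[2].isdigit():
            rows.append((fields[0], int(fields[2]), fields[6]))
    return rows

def duplicate_uids(rows):
    """Map each UID shared by several account names to those names."""
    by_uid = {}
    for name, uid, _ in rows:
        by_uid.setdefault(uid, []).append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def permit_root_login(sshd_text):
    """First global PermitRootLogin value, lower-cased, or None if unset."""
    for line in sshd_text.splitlines():
        # Drop comments; accept both "Keyword value" and "Keyword=value".
        words = line.split("#", 1)[0].replace("=", " ", 1).split()
        if words and words[0].lower() == "match":
            break  # per-Match overrides are out of scope for this check
        if len(words) > 1 and words[0].lower() == "permitrootlogin":
            return words[1].lower()
    return None

def lockout_risk(rows, prl):
    """True if root SSH login is off and no regular login account exists."""
    regular = [n for n, uid, sh in rows if uid >= UID_MIN and sh not in NOLOGIN]
    return prl == "no" and not regular

if __name__ == "__main__":
    rows = parse_passwd(SAMPLE_PASSWD)
    print("shared UIDs:", duplicate_uids(rows))
    print("lockout risk:", lockout_risk(rows, permit_root_login(SAMPLE_SSHD)))
```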
