F22 System Wide Change: Set sshd(8) PermitRootLogin=no

P J P pj.pandit at yahoo.co.in
Mon Jan 12 16:51:03 UTC 2015


> On Monday, 12 January 2015 8:32 PM, Paul Wouters wrote:
> do you use PrzemekKlosowski as your username on your fedora? I doubt it.
> It is more likely to be przemek, klosowski or pklosowski. In fact, often
> this is revealed in mail headers (eg "sendmail invoked by user paul").
> More often, people will have 2 to 4 character usernames.
> So this information is far from secret, and easily guessable.

  Agreed Paul, yet it does not mean cracking them would be as easy as slicing knife through butter. That too for every awkward joe trying their hands at it. It sounds like all one has to do is just guess the username, and it's game over. It is _not_! There is user's password, and root account's password. Not every non-root user has sudo(1) access.  Besides when they use browser based mail clients, such information is less likely to be disclosed.

As said before, few might be able to crack it, but others would _fail_ at it. And that failure is our net gain. Secondly, this restriction would encourage people to use non-root user accounts and help spread awareness about having strong passwords. Thirdly, as said in another thread, if we resort to using keys based authentication for 'root' account, it would lead to people using same mechanism for other accounts too.
 
Overall in the long term, today's small change will have better cumulative returns. 


> Compared to the dictionary this does in fact not make the problem any harder at
> all. However, you have made legitimate automated root logins much harder
> now, like me calling rsync as root for backups, which are not easily
> done wrapped in sudo :P


  I wonder why rsync needs root account? If it's not easily done wrapped in sudo, why is brute forcing unknown username, its password and then root account relatively easier? (rhetorical questions, don't answer)

Point is, if one must have to have only 'root' account in their set-up, they can always enable remote 'root' login by setting PermitRootLogin=yes. Just like how people flush firewall rules. There are various ways of doing that.

Let's try to figure out how we could facilitate that with more convenience, rather than looping over same arguments about how the feature improves security or not.


> For malicious logins, once root access is obtained via password-less sudo,
> the evidence is removed from the logs.

  What..automatically? Or the assumption is that the attacker is the smartest soul on earth??   

---
Regards
   -Prasad
http://feedmug.com
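
An added example, not part of the original post and not Fedora or OpenSSH code: a small Python check that reports which PermitRootLogin value the global section of an sshd_config yields, since sshd keeps the first value it reads for a keyword. It assumes the OpenSSH 7.0+ default of prohibit-password when the keyword is absent, does not follow Include files or evaluate Match blocks, and runs on a constructed sample config.

```python
import re

# Assumption: upstream default since OpenSSH 7.0; older releases defaulted to "yes".
DEFAULT = "prohibit-password"
ALIASES = {"without-password": "prohibit-password"}  # deprecated spelling

# Constructed sample, not taken from a real host.
SAMPLE = """\
# constructed sample
Port 22
#PermitRootLogin yes
PermitRootLogin=no
PermitRootLogin yes
Match Address 192.0.2.10
    PermitRootLogin forced-commands-only
"""

def effective_permit_root_login(config_text, default=DEFAULT):
    """Return (value, line_number); line_number is None when the default applies."""
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # everything below is conditional, not the global setting
        if keyword == "permitrootlogin" and len(parts) == 2 and parts[1].strip():
            value = parts[1].split()[0].strip('"').lower()
            # First occurrence wins; later global lines are ignored by sshd.
            return ALIASES.get(value, value), lineno
    return default, None

def root_password_login_permitted(config_text, default=DEFAULT):
    """True only for 'yes'; PasswordAuthentication must also be on for it to matter."""
    value, _ = effective_permit_root_login(config_text, default)
    return value == "yes"

if __name__ == "__main__":
    value, lineno = effective_permit_root_login(SAMPLE)
    print(f"global PermitRootLogin = {value} (line {lineno})")
    print("root password login permitted:", root_password_login_permitted(SAMPLE))
```

The later `PermitRootLogin yes` line in the sample has no effect, and the Match block is skipped because it only applies to connections that meet its condition.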

