About ssh login

[Mikkel L. Ellertson]

Ritesh Yeole wrote:
> Dear Sir,
>                 I want to ssh to my client ,there is sonic-firewall .
> 
> In firewall  static ip nat with server ip
> Now i want to ssh it then it ask for password but when passwd put is says=
> [root at ndtest ~]# ssh ultra
> root at ultra's password:
> Permission denied, please try again.
> root at ultra's password:
> Permission denied, please try again.
> root at ultra's password:
> Permission denied (publickey).
> =================[root at ndtest ~]# ssh raisoni
> root at raisoni's password:
> Permission denied, please try again.
> root at raisoni's password:
> Permission denied, please try again.
> root at raisoni's password:
> Permission denied (publickey,gssapi-with-mic,password).
> [root at ndtest ~]#
> 
> 
> Plz tell me what is difference between them and how it is solved.
> 
> 
> Thanks
> Ritesh
> 
The default sshd setup does NOT allow root to log in. It is usually 
a bad idea to root logins from the Internet because it exposes the 
root account to automated cracking attempts. If you must allow root 
logins from the internet, at least limit it to using key pairs. If 
you can, also limit it to connections for a specific IP address, or 
range of addresses.

As others have said, it is better to log in as a normal user, and 
then become root. It does not eliminate automated attacks, but it 
does make them harder.

As a side note, it is not a good idea to be to be logged in as root 
unless you are doing something that requires it. You are better off 
running ssh as a normal user when connecting to another box.

Mikkel
-- 

   Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20080130/9cc31f92/attachment-0001.bin