From owner-freebsd-questions@FreeBSD.ORG Tue Nov 23 05:07:32 2004
From: Ivan Georgiev <georgiev@vt.edu>
To: freebsd-questions@freebsd.org
Date: Tue, 23 Nov 2004 00:07:28 -0500
Subject: Re: NEW: cannot ssh to my computer
User-Agent: KMail/1.7.1
References: <200411201921.27880.georgiev@vt.edu> <200411222237.19660.georgiev@vt.edu> <20041122234302.538594d0@localhost>
In-Reply-To: <20041122234302.538594d0@localhost>
Message-Id: <200411230007.28877.georgiev@vt.edu>

> > I guess I have put this
> >
> > -:wheel:ALL EXCEPT LOCAL
> >
> > in /etc/login.access but had no recollection of doing it. After
> > commenting it out the problem is gone.
>
> hello again ivan,
>
> fwiw, your 'problem' may actually be better than your 'solution'. with
> all the script kiddies who are running ssh brute force attempts against
> the root user account (check your logs), it is wise to use 'su' or
> 'sudo' to elevate your privileges on that box, rather than logging in
> as root.
>
> naturally, you can harden ssh somewhat and even restrict logins by
> ip addy in login.access, but if you're not doing that, i humbly suggest
> that you think twice about enabling root ssh to your box.

I have "AllowUsers ****" in /etc/ssh/sshd_config and root is not one of
them. So, even though the members of the wheel group are allowed to ssh
remotely, the root account is not compromised. Is that right? I tried,
just to check, to ssh as root but cannot; the log says "User root not
allowed because not listed in AllowUsers...". Let me know if I am wrong.

Thanks again,
Ivan
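The two controls discussed in this thread (the `-:wheel:ALL EXCEPT LOCAL` line in /etc/login.access and the `AllowUsers` list in sshd_config) can be checked offline against a given user, group set and origin. The script below is an added example and is not code from the thread or from FreeBSD; it reimplements the login.access(5) matching rules as documented (first matching line wins, no match means permit, `LOCAL` matches any origin without a dot, `EXCEPT` lists evaluated recursively) and sshd's `AllowUsers` user[@host] patterns. It assumes, as FreeBSD does, that sshd consults login.access through PAM so both checks apply to one SSH login; `DenyUsers`, `AllowGroups` and `user@host` entries in login.access are not modelled. All file contents, usernames, group memberships and addresses are constructed sample data.

```python
"""Audit helper: evaluate a FreeBSD-style /etc/login.access and an sshd_config
AllowUsers list for a (user, groups, origin) tuple.  Added example, not code
from the thread.  Assumptions: login.access(5) semantics as described in the
lead-in; AllowUsers uses sshd's user[@host] glob patterns; sshd applies
login.access via PAM (pam_login_access) after its own checks."""

from dataclasses import dataclass
from fnmatch import fnmatchcase
import re

# --- constructed sample inputs ---------------------------------------------
LOGIN_ACCESS_RESTRICTED = """
# the line the poster found in /etc/login.access
-:wheel:ALL EXCEPT LOCAL
"""
LOGIN_ACCESS_RELAXED = """
#-:wheel:ALL EXCEPT LOCAL
"""
SSHD_CONFIG = """
PermitRootLogin no
AllowUsers ivan alice
"""
# constructed group membership: user -> set of groups
GROUPS = {"ivan": {"ivan", "wheel"}, "alice": {"alice"}, "root": {"wheel"}}


@dataclass
class Rule:
    permit: bool
    users: str      # raw users field, e.g. "wheel" or "ALL EXCEPT root"
    origins: str    # raw origins field, e.g. "ALL EXCEPT LOCAL"


def parse_login_access(text):
    """Parse 'permission:users:origins' lines; comments and blanks are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = line.split(":", 2)
        rules.append(Rule(perm.strip() == "+", users, origins))
    return rules


def _tokens(field):
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]


def _list_match(tokens, item, match_fn):
    """'a b EXCEPT c d' matches if item matches a or b and does not match
    the (recursively evaluated) list after EXCEPT."""
    upper = [t.upper() for t in tokens]
    head = tokens[: upper.index("EXCEPT")] if "EXCEPT" in upper else tokens
    tail = tokens[len(head) + 1:]
    if not any(match_fn(t, item) for t in head):
        return False
    return not (tail and _list_match(tail, item, match_fn))


def _user_match(tok, item):
    user, groups = item
    return tok.upper() == "ALL" or tok == user or tok in groups


def _from_match(tok, origin):
    t = tok.upper()
    if t == "ALL":
        return True
    if t == "LOCAL":               # any origin without a dot: ttys, bare hostnames
        return "." not in origin
    o, tl = origin.lower(), tok.lower()
    if o == tl:                    # exact host, IP or tty name
        return True
    if tl.endswith(".") and o.startswith(tl):          # network prefix, e.g. 10.0.
        return True
    return tl.startswith(".") and len(o) > len(tl) and o.endswith(tl)  # domain


def login_access(user, groups, origin, rules):
    """First matching rule decides; no matching rule means access is permitted."""
    for r in rules:
        if _list_match(_tokens(r.users), (user, groups), _user_match) and \
           _list_match(_tokens(r.origins), origin, _from_match):
            return r.permit
    return True


def parse_sshd_config(text):
    """Collect AllowUsers patterns (possibly spread over several lines) and PermitRootLogin."""
    allow, permit_root = [], "yes"
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "allowusers":
            allow.extend(parts[1:])
        elif key == "permitrootlogin" and len(parts) > 1:
            permit_root = parts[1].lower()
    return allow, permit_root


def _allow_users_match(pattern, user, origin):
    if "@" in pattern:
        upat, hpat = pattern.split("@", 1)
        return fnmatchcase(user, upat) and fnmatchcase(origin, hpat)
    return fnmatchcase(user, pattern)


def ssh_login_allowed(user, groups, origin, sshd_config, login_access_text):
    """Return (allowed, reason): sshd's own checks first, then login.access."""
    allow, permit_root = parse_sshd_config(sshd_config)
    if allow and not any(_allow_users_match(p, user, origin) for p in allow):
        return False, "User %s not allowed because not listed in AllowUsers" % user
    if user == "root" and permit_root == "no":
        return False, "PermitRootLogin no"
    if not login_access(user, groups, origin, parse_login_access(login_access_text)):
        return False, "denied by login.access"
    return True, "permitted"


if __name__ == "__main__":
    for u in ("root", "ivan", "alice"):
        for label, la in (("restricted", LOGIN_ACCESS_RESTRICTED), ("relaxed", LOGIN_ACCESS_RELAXED)):
            print(u, "203.0.113.7", label, ssh_login_allowed(u, GROUPS[u], "203.0.113.7", SSHD_CONFIG, la))
```

Run stand-alone, it shows the two configurations side by side: with the login.access line active, wheel members such as ivan are refused from any dotted origin but still log in on a local tty, while root is refused in every case because it never passes `AllowUsers`; with the line commented out, only the `AllowUsers` filter remains.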