From: "Dave VanAuken"
Subject: SSH security on FreeBSD
Date: Thu, 3 May 2001 10:46:43 -0400

Quick question on the ramifications of a change.

SSH default config sets password fallback to yes and root login to no.

Need to remotely automate the updating of root only owned files to ensure that network files are maintained on several servers.

Assuming only RSA auth is allowed, and no password fallback is allowed, what potential security holes are opened by changing the "PermitRootLogin" to yes?

Still requires the connecting machine to match the keys to establish the connection...

Changing this solves the problem, just hesitant to leave a "root login" open... seems like a big no-no

thoughts?

Dave
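Added example, not part of the original message: a small Python check that reads an sshd_config and reports whether root can still be reached with a password, which is the premise the question depends on. The function names and sample configs are constructed for illustration, and the defaults are the ones the message states, not read from any particular sshd build.

```python
# Defaults as stated in the message above (assumption taken from the post).
DEFAULTS = {"permitrootlogin": "no", "passwordauthentication": "yes"}

# PermitRootLogin values that allow root but never by password.
KEY_ONLY_VALUES = {"without-password", "prohibit-password", "forced-commands-only"}


def effective_settings(config_text):
    """Return the global sshd_config settings that actually take effect.

    Keywords are case-insensitive, 'Keyword=value' is accepted, and the
    first value obtained for a keyword wins, so a later duplicate is ignored.
    Parsing stops at the first Match block (only global scope is audited).
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].split()[0].lower()
        if keyword == "match":
            break
        settings.setdefault(keyword, value)
    return {**DEFAULTS, **settings}


def root_login_exposure(config_text):
    """Classify how root can authenticate under this configuration."""
    s = effective_settings(config_text)
    root = s["permitrootlogin"]
    if root == "no":
        return "root-disabled"
    if root in KEY_ONLY_VALUES:
        return "root-key-only"
    if s["passwordauthentication"] == "yes":
        return "root-password-reachable"
    # Key-only for root holds only while the global password setting stays off.
    return "root-key-only-by-global-setting"


# Constructed sample configs.
PROPOSED = "PermitRootLogin yes\nPasswordAuthentication no\n"
# Drift: an earlier 'yes' line wins over the later 'no'.
DRIFTED = "PasswordAuthentication yes\nPermitRootLogin yes\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, cfg in (("proposed", PROPOSED), ("drifted", DRIFTED)):
        print(name, "->", root_login_exposure(cfg))
```

A result of "root-key-only-by-global-setting" means the protection depends on PasswordAuthentication staying off; "without-password" ties the restriction to the root account itself.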