From owner-freebsd-doc@FreeBSD.ORG  Sun Feb 21 20:24:39 2010
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: doc@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D003A106566C
	for <doc@freebsd.org>; Sun, 21 Feb 2010 20:24:39 +0000 (UTC)
	(envelope-from wyantis@gmail.com)
Received: from mail-gx0-f219.google.com (mail-gx0-f219.google.com
	[209.85.217.219])
	by mx1.freebsd.org (Postfix) with ESMTP id 87D248FC14
	for <doc@freebsd.org>; Sun, 21 Feb 2010 20:24:39 +0000 (UTC)
Received: by gxk19 with SMTP id 19so2190559gxk.3
	for <doc@freebsd.org>; Sun, 21 Feb 2010 12:24:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:from:to
	:content-type:mime-version:subject:date:x-mailer;
	bh=tkLMMqK5Zp2R6ghzR77fFZ5DLgDOVk4EM5Snz7EEtr8=;
	b=b6GeiY3CicKHPlbw1wQ2IYcjZJyQU5hHJZTmaf1pm94st7gLOljvGmQRqlOsI/F0hu
	UMjYMr0y7G7Q4TFdeuut4PJs8KJM+Cu5IyGmtnshjbLvZB8sauRoe1h+RE+7iPG2SaEn
	XN4cDsU5ljomwH8VJBritg06eHjOs1AgUbu5A=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:from:to:content-type:mime-version:subject:date:x-mailer;
	b=KI88wZPw60RvoPTJPAWwQMpzh4RRBB+muA0KN4pLpa4Oo4FeBvY/87DMXNdAxJSREU
	tV7YuNq0D+Divm8Tnh6GPbQFjoIi0Mcyxl6J6t9Va4/YgJ2fyHileX8/ZFitygZUiXHR
	lUg0m9r7w52iQlp5chycsArczfwrslkSwsfuw=
Received: by 10.101.184.33 with SMTP id l33mr6928469anp.100.1266782195832;
	Sun, 21 Feb 2010 11:56:35 -0800 (PST)
Received: from ?192.168.1.103? (cpe-24-167-54-69.hot.res.rr.com [24.167.54.69])
	by mx.google.com with ESMTPS id 34sm1371292yxf.11.2010.02.21.11.56.34
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Sun, 21 Feb 2010 11:56:35 -0800 (PST)
Message-Id: <EF2C55ED-D3CD-4BE6-8C09-E7292564D7AA@gmailcom>
From: Walton Yantis <wyantis@gmail.com>
To: doc@FreeBSD.org
Mime-Version: 1.0 (Apple Message framework v936)
Date: Sun, 21 Feb 2010 13:56:33 -0600
X-Mailer: Apple Mail (2.936)
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: 
Subject: Suggestion for manual
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Feb 2010 20:24:40 -0000

Hi there,

at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-freebsd.html

in the first paragraph, 14.3.1, I suggest the following change based  
on a problem just encountered.

  there as well. You can do this by editing your /etc/ssh/sshd_config  
file, and making sure thatPermitRootLogin is set to NO. Consider every  
access method -- services such as FTP often fall through the cracks.  
Direct root logins should only be allowed via the system console.

  there as well. You can do this by editing your /etc/ssh/sshd_config  
file, and making sure thatPermitRootLogin is set to no. Consider every  
access method -- services such as FTP often fall through the cracks.  
Direct root logins should only be allowed via the system console.

The capitalization of PermitRootLogin  variable to NO caused ssh  
startup to fail on boot.

Walt