Date: Fri, 2 Nov 2001 05:54:16 -0500
From: Ben Eisenbraun <bene@klatsch.org>
To: Anthony Atkielski <anthony@atkielski.com>
Cc: Erik Trulsson <ertr1013@student.uu.se>, Mike Meyer <mwm@mired.org>, questions@FreeBSD.ORG
Subject: Re: Lockdown of FreeBSD machine directly on Net
Message-ID: <20011102055416.B67495@klatsch.org>
In-Reply-To: <00d801c1637c$d3264640$0a00000a@atkielski.com>; from anthony@atkielski.com on Fri, Nov 02, 2001 at 10:00:28AM +0100
References: <15330.23714.263323.466739@guru.mired.org> <00b501c1637b$1cd2f880$0a00000a@atkielski.com> <20011102095554.A38169@student.uu.se> <00d801c1637c$d3264640$0a00000a@atkielski.com>

On Fri, Nov 02, 2001 at 10:00:28AM +0100, Anthony Atkielski wrote:
> However, I'd still like to know what has to be done to make SSH work for root
> logins. The "Sorry, you are not allowed to connect" message must be coming from

in /etc/ssh/sshd_config is the line:

    PermitRootLogin no

change that to yes, HUP sshd, and it will allow root to login directly via
ssh. NOT RECOMMENDED. But it's your choice, which is one of the lovely
things about UNIX.

> > This requires that the user you login as is
> > in the 'wheel' group.
>
> And if I add that user to wheel, does that open up any other holes? Doesn't
> wheel have a lot of permissions on a lot of files?

You should investigate 'sudo' in /usr/ports/security/sudo. It's a utility
that will allow you to selectively grant privileges to users that are
normally reserved for root. The only time I ever use the root password is
for logging in when the machine is in single user.

Have fun.

-ben

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
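
Added example, not part of the original message: a shell check for the PermitRootLogin setting discussed above, reading the global section of a single sshd_config-style file. It relies on sshd using the first value it obtains for a keyword and treating keywords as case-insensitive; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# effective_root_login FILE
# Print the PermitRootLogin value from the global section of FILE, or "unset"
# when the file leaves it to sshd's compiled-in default.
effective_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)          # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit           # conditional blocks: not global
            if (key == "permitrootlogin") {    # first occurrence wins
                print val; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_root_login FILE
# Print a verdict; return 1 when direct root login is enabled.
audit_root_login() {
    v=$(effective_root_login "$1")
    case "$v" in
        no)    echo "OK: PermitRootLogin no" ;;
        yes)   echo "WARN: PermitRootLogin yes (direct root login enabled)"; return 1 ;;
        unset) echo "NOTE: PermitRootLogin not set; sshd default applies" ;;
        *)     echo "NOTE: PermitRootLogin $v" ;;
    esac
}

# Constructed sample: the later "yes" line is ignored because "no" comes first.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'Port 22' 'PermitRootLogin no' \
    'permitrootlogin yes' > "$sample"
audit_root_login "$sample"
rm -f "$sample"
```

On a live host, `sshd -t` validates the configuration file before sshd is sent HUP.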