From owner-freebsd-questions Fri Nov 2 3:26:47 2001 Delivered-To: freebsd-questions@freebsd.org Received: from atkielski.com (atkielski.com [161.58.232.69]) by hub.freebsd.org (Postfix) with ESMTP id 712D237B401 for ; Fri, 2 Nov 2001 03:26:44 -0800 (PST) Received: from contactdish (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14]) by atkielski.com (8.11.6) id fA2BQI810434; Fri, 2 Nov 2001 12:26:19 +0100 (CET) Message-ID: <012101c16391$3f31ca80$0a00000a@atkielski.com> From: "Anthony Atkielski" To: "Ben Eisenbraun" Cc: References: <15330.23714.263323.466739@guru.mired.org> <00b501c1637b$1cd2f880$0a00000a@atkielski.com> <20011102095554.A38169@student.uu.se> <00d801c1637c$d3264640$0a00000a@atkielski.com> <20011102055416.B67495@klatsch.org> Subject: Re: Lockdown of FreeBSD machine directly on Net Date: Fri, 2 Nov 2001 12:26:39 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Ben writes: > in /etc/ssh/sshd_config is the line: > > PermitRootLogin no > > change that to yes, HUP sshd, and it will allow root > to login directly via ssh. I had already done that, but I think I found the problem: I was excluding group wheel in login.access. It works now. > NOT RECOMMENDED. What is the risk of ssh? It doesn't even use a password, much less send one in the clear. If you don't have a valid private key, you can't get in. I can see why telnet would be a risk, with passwords moving in the clear, and the relative ease of trying to guess passwords, but neither of these apply to ssh, as far as I know. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message