Date: Fri, 2 Nov 2001 12:01:04 +0000 (GMT) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: Anthony Atkielski <anthony@atkielski.com> Cc: Ben Eisenbraun <bene@klatsch.org>, questions <questions@FreeBSD.ORG> Subject: Re: Lockdown of FreeBSD machine directly on Net Message-ID: <Pine.GSO.4.31.0111021158510.17249-100000@mail.ilrt.bris.ac.uk> In-Reply-To: <012101c16391$3f31ca80$0a00000a@atkielski.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 2 Nov 2001, Anthony Atkielski wrote: > Ben writes: > > > in /etc/ssh/sshd_config is the line: > > > > PermitRootLogin no > > > > change that to yes, HUP sshd, and it will allow root > > to login directly via ssh. > > I had already done that, but I think I found the problem: I was excluding group > wheel in login.access. It works now. > > > NOT RECOMMENDED. > > What is the risk of ssh? It doesn't even use a password, much less send one in > the clear. If you don't have a valid private key, you can't get in. You can with the root password; to get the behaviour you describe PermitRootLogin without-password ...which is not as scary as it looks :-) It's all in the man page for sshd. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk It's a sad fact that the word "semantics" seems to have lost all meaning. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.31.0111021158510.17249-100000>