From owner-freebsd-questions Fri Nov 2 4: 2:41 2001 Delivered-To: freebsd-questions@freebsd.org Received: from dire.bris.ac.uk (dire.bris.ac.uk [137.222.10.60]) by hub.freebsd.org (Postfix) with ESMTP id A67A637B40B for ; Fri, 2 Nov 2001 04:02:36 -0800 (PST) Received: from mail.ilrt.bris.ac.uk by dire.bris.ac.uk with SMTP-PRIV with ESMTP; Fri, 2 Nov 2001 12:02:21 +0000 Received: from cmjg (helo=localhost) by mail.ilrt.bris.ac.uk with local-esmtp (Exim 3.16 #1) id 15zd0S-0005iB-00; Fri, 02 Nov 2001 12:01:04 +0000 Date: Fri, 2 Nov 2001 12:01:04 +0000 (GMT) From: Jan Grant X-X-Sender: To: Anthony Atkielski Cc: Ben Eisenbraun , questions Subject: Re: Lockdown of FreeBSD machine directly on Net In-Reply-To: <012101c16391$3f31ca80$0a00000a@atkielski.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, 2 Nov 2001, Anthony Atkielski wrote: > Ben writes: > > > in /etc/ssh/sshd_config is the line: > > > > PermitRootLogin no > > > > change that to yes, HUP sshd, and it will allow root > > to login directly via ssh. > > I had already done that, but I think I found the problem: I was excluding group > wheel in login.access. It works now. > > > NOT RECOMMENDED. > > What is the risk of ssh? It doesn't even use a password, much less send one in > the clear. If you don't have a valid private key, you can't get in. You can with the root password; to get the behaviour you describe PermitRootLogin without-password ...which is not as scary as it looks :-) It's all in the man page for sshd. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk It's a sad fact that the word "semantics" seems to have lost all meaning. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message