From owner-freebsd-questions Fri Nov 2 10:35:13 2001 Delivered-To: freebsd-questions@freebsd.org Received: from atkielski.com (atkielski.com [161.58.232.69]) by hub.freebsd.org (Postfix) with ESMTP id 08C8A37B40A for ; Fri, 2 Nov 2001 10:34:59 -0800 (PST) Received: from contactdish (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14]) by atkielski.com (8.11.6) id fA2IYX364807; Fri, 2 Nov 2001 19:34:34 +0100 (CET) Message-ID: <01ab01c163cd$12f50ea0$0a00000a@atkielski.com> From: "Anthony Atkielski" To: "FreeBSD Questions" References: <000301c163ab$927fefe0$6401a8c0@daveabit> Subject: Re: Lockdown of FreeBSD machine directly on Net Date: Fri, 2 Nov 2001 19:34:50 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hmm ... I'll try it. Is ssh going to create a conflict if I use su to go from place to place? (Since the original ssh login is associated with the key of a specific user.) ----- Original Message ----- From: "David Powers" To: "'Anthony Atkielski'" ; "'Mike Meyer'" Cc: Sent: Friday, November 02, 2001 15:35 Subject: RE: Lockdown of FreeBSD machine directly on Net > So you login as you and then use the su command to elevate to root. You > should never log directly in as root. > > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Anthony > Atkielski > Sent: Friday, November 02, 2001 2:48 AM > To: Mike Meyer > Cc: questions@freebsd.org > Subject: Re: Lockdown of FreeBSD machine directly on Net > > > Mike writes: > > > Subscribe to the appropriate security lists - > > freebsd-security at a bare minimum ... > > Done. > > > Everyone is going to tell you to kill telnetd > > - and they are probably right, as sshd lets > > you do all that. > > Except that sshd isn't letting me log in as root. When I try that, it says: > "Sorry, you are not allowed to connect." But I changed the remotes to > secure in > ttys, and I put the PermitRootLogin to "yes" in sshd_config. What else do I > have to do? SSH works for other accounts. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message