From owner-freebsd-questions  Fri Nov  2 14:39: 8 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from lists.blarg.net (lists.blarg.net [206.124.128.17])
	by hub.freebsd.org (Postfix) with ESMTP id 5E09137B40A
	for <questions@FreeBSD.ORG>; Fri,  2 Nov 2001 14:39:06 -0800 (PST)
Received: from thig.blarg.net (thig.blarg.net [206.124.128.18])
	by lists.blarg.net (Postfix) with ESMTP
	id EF634BCF7; Fri,  2 Nov 2001 14:39:05 -0800 (PST)
Received: from localhost.localdomain ([206.124.139.115])
	by thig.blarg.net (8.9.3/8.9.3) with ESMTP id OAA13884;
	Fri, 2 Nov 2001 14:39:05 -0800
Received: (from jojo@localhost)
	by localhost.localdomain (8.11.6/8.11.3) id fA2MbRV54291;
	Fri, 2 Nov 2001 14:37:27 -0800 (PST)
	(envelope-from swear@blarg.net)
To: Ben Eisenbraun <bene@klatsch.org>
Cc: questions@FreeBSD.ORG
Subject: Re: Lockdown of FreeBSD machine directly on Net
References: <15330.23714.263323.466739@guru.mired.org>
	<00b501c1637b$1cd2f880$0a00000a@atkielski.com>
	<20011102095554.A38169@student.uu.se>
	<00d801c1637c$d3264640$0a00000a@atkielski.com>
	<20011102055416.B67495@klatsch.org>
From: swear@blarg.net (Gary W. Swearingen)
Date: 02 Nov 2001 14:37:26 -0800
In-Reply-To: <20011102055416.B67495@klatsch.org>
Message-ID: <8s668sdck9.68s@localhost.localdomain>
Lines: 16
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Ben Eisenbraun <bene@klatsch.org> writes:

> change that to yes, HUP sshd,  and it will allow root to login directly 
> via ssh.
> 
> NOT RECOMMENDED.

I'd like to why.  I'd think that if you can't trust ssh you might
as well give up.  I'd think the tiny reduction in risk (if any) would
not be worth even the few extra seconds it takes to do the "su" and
password entry.

IF we assume ssh is secure, isn't it as safe to login as root via ssh as
at the system console?

Or do people recommend that that not be allowed either?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message