Message-ID: <4202B512.9080306@cis.strath.ac.uk>
Date: Thu, 03 Feb 2005 23:34:42 +0000
From: Chris Hodgins
To: Gert Cuykens
cc: freebsd-questions@freebsd.org
Subject: Re: ssh default security risc

Gert Cuykens wrote:
> By default the root ssh is disabled. If a dedicated server x somewhere
> far far away doesn't have root ssh enabled the admin is pretty much
> screwed if they hack his user account and change the user password
> right ?
>
> So is it not better to enable it by default ?

Every unix box has a root account. Not every unix box has a jblogs
account. Let's take the example of a brute-force attempt. The first
thing I would do would be to attack root's password. I know the account
exists. Might as well go for the big prize first. So having a root
account enabled is definitely a bad thing.

Chris