Date: Tue, 3 Jan 2017 22:07:31 -0600
From: Tim Daneliuk <tundra@tundraware.com>
To: Ernie Luzar <luzar722@gmail.com>, Polytropon <freebsd@edvax.de>
Cc: Maciej Suszko <maciej@suszko.eu>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: how to allow user toor login through ssh
Message-ID: <d5b176b0-ed84-b7e4-1fcb-4bdd1018b7e0@tundraware.com>
In-Reply-To: <586C7446.208@gmail.com>
References: <5869ADFB.6080000@gmail.com> <20170102024359.aa82ae3e.freebsd@edvax.de> <5869F77D.5050106@gmail.com> <20170102172615.516dc912.freebsd@edvax.de> <CAOc73CCc_Yj_qAw2riDft=KdeNoKmHgOQOkeTLdse2pom_35FQ@mail.gmail.com> <20170103141838.4ada403b@helium> <586C4D68.6000000@gmail.com> <20170104024723.af718b7a.freebsd@edvax.de> <586C7446.208@gmail.com>

On 01/03/2017 10:04 PM, Ernie Luzar wrote:
> Polytropon wrote:
>> On Wed, 04 Jan 2017 09:18:32 +0800, Ernie Luzar wrote:
>>> Maciej Suszko wrote:
>>>> On Tue, 3 Jan 2017 19:15:54 +0800
>>>> Ben Woods <woodsb02@gmail.com> wrote:
>>>>
>>>>> The openssh daemon prevents login as root or toor (any user with UID
>>>>> 0) in the default configuration that ships with FreeBSD.
>>>>>
>>>>> This can be adjusted by setting the following in /etc/ssh/sshd_config:
>>>>> PermitRootLogin yes
>>>>>
>>>>> Note however, that it is not generally advisable to allow root or toor
>>>>> login via ssh, as this is a frequently attempted username for script
>>>>> kiddies and bots running random brute force attacks. Tread wisely.
>>>>>
>>>>> Regards,
>>>>> Ben
>>>> However it's quite simple to restrict root login using Match block, for
>>>> example ;-) ... just leave 'no' globally.
>>>>
>>>> Match Address 10.0.0.0/27
>>>> PermitRootLogin yes
>>>
>>>
>>> I like this solution. On my host I have changed ssh to use a high value port number back when I was on BSD REL 3.0 and have never had any failed login attacks of any kind.
>>
>> Moving SSH to a nonstandard port doesn't increase security per se,

<SNIP>

All good info ... shameless self-promotion follows ;)

I use the following to essentially remove most noise from my ssh world.
I came up with this some years ago while travelling extensively:

https://www.tundraware.com/Software/tperimeter/

----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
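
Added example, not part of the thread or of any poster's code: a small Python model of how sshd resolves a keyword such as PermitRootLogin when the global section says 'no' and a "Match Address" block, as quoted above, says 'yes'. It assumes only "Match Address" with CIDR patterns (no wildcards or negation); SAMPLE_CONFIG and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: global 'no' plus the Match block quoted in the thread.
SAMPLE_CONFIG = """\
# constructed sample sshd_config
PermitRootLogin no

Match Address 10.0.0.0/27
    PermitRootLogin yes
"""

def parse(config_text):
    """Return (global_settings, [(networks, settings), ...]) in file order."""
    global_settings, blocks, current = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = value.split(None, 1)
            if len(crit) != 2 or crit[0].lower() != "address":
                raise ValueError("only 'Match Address <cidr,...>' is modelled")
            nets = [ipaddress.ip_network(p.strip()) for p in crit[1].split(",")]
            current = {}
            blocks.append((nets, current))
        else:
            # Everything after a Match line belongs to that block.
            target = global_settings if current is None else current
            target.setdefault(keyword, value)  # first value obtained wins
    return global_settings, blocks

def effective(config_text, keyword, source_addr):
    """Value sshd would apply to `keyword` for a client at `source_addr`."""
    global_settings, blocks = parse(config_text)
    addr = ipaddress.ip_address(source_addr)
    keyword = keyword.lower()
    # The first satisfied Match block that sets the keyword overrides global.
    for nets, settings in blocks:
        if keyword in settings and any(addr in net for net in nets):
            return settings[keyword]
    return global_settings.get(keyword)  # None: not set, sshd default applies

if __name__ == "__main__":
    for ip in ("10.0.0.5", "10.0.0.31", "10.0.0.32", "203.0.113.7"):
        print(ip, effective(SAMPLE_CONFIG, "PermitRootLogin", ip))
```

On a live host, `sshd -T -C user=root,addr=10.0.0.5` prints the effective settings from the real parser and is the authoritative check.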