Date: Mon, 3 Oct 2005 09:51:00 -0400 From: Bob Johnson <fbsdlists@gmail.com> To: mario <mario-dated-1128750963.989ae6@schmut.com> Cc: freebsd-security@freebsd.org, jrhall@gmail.com Subject: Re: Repeated attacks via SSH Message-ID: <54db43990510030651x58eaa863ma46e0e37df175c29@mail.gmail.com> In-Reply-To: <52149.192.168.23.8.1128318960.squirrel@mail.schmut.com> References: <4340ACC1.1000306@open-networks.net> <Pine.BSF.4.44.0510022147170.99554-100000@home.fake.net> <547e6a320510022240p76ae276fp94ee8ab598795a22@mail.gmail.com> <52149.192.168.23.8.1128318960.squirrel@mail.schmut.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/3/05, mario <mario@schmut.com> wrote: > So, Jared Hall wrote: > > Is there a way to block root login over 22? > > Jared > > ______________________ > > yep > > [root@snoopy ~]#grep Root /etc/ssh/sshd_config > PermitRootLogin no This is not sufficient if ssh is using PAM for authentication (because PAM will allow root logins). Make sure you also have disabled PAM authentication with ChallengeResponseAuthentication no I think both of these settings default to "no" these days, but you might want to check your config to be sure. - Bob
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54db43990510030651x58eaa863ma46e0e37df175c29>