From owner-freebsd-stable  Fri Oct  5  9: 1:43 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from moek.pir.net (moek.pir.net [130.64.1.215])
	by hub.freebsd.org (Postfix) with ESMTP id AE3EC37B401
	for <stable@freebsd.org>; Fri,  5 Oct 2001 09:01:40 -0700 (PDT)
Received: from pir by moek.pir.net with local (Exim)
	id 15pXPv-00036s-00
	for stable@FreeBSD.org; Fri, 05 Oct 2001 12:01:39 -0400
Date: Fri, 5 Oct 2001 12:01:39 -0400
From: Peter Radcliffe <pir@pir.net>
To: stable@FreeBSD.org
Subject: Re: Why sshd:PermitRootLogin = no ?
Message-ID: <20011005120139.D10847@pir.net>
Reply-To: stable@freebsd.org
Mail-Followup-To: stable@FreeBSD.org
References: <19436.1002297239@axl.seasidesoftware.co.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <19436.1002297239@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on Fri, Oct 05, 2001 at 05:53:59PM +0200
X-fish: <darwin><
X-Copy-On-Listmail: Please do NOT Cc: me on list mail.
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Sheldon Hearn <sheldonh@starjuice.net> probably said:
> Why is sshd's PermitRootLogin set to 'no' in the default installation of
> FreeBSD?

Because it's sensible.

> The security gain for a brand new installation is questionable.  The
> downside is that, when you have remote hands pressing the buttons for
> you during the installation, an extra user has to be created by those
> hands.

1) Most people are not installing like that.

2) I disagree with "questionable" security gain for a new installation.

3) If it isn't the default most people will never change it, and the
   long term security gain is certainly not questionable.

4) It's consistant with the default behaviour for telnetd.

If you need a custom installation for remote use, then build a custom
installation ... install.cfg and many other things exist for a reason.

P.

-- 
pir                pir-sig@pir.net                 pir-sig@net.tufts.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message