Message-ID: <3BBDF0E9.20BA0F56@glue.umd.edu>
Date: Fri, 05 Oct 2001 13:42:01 -0400
From: Brandon Fosdick
To: stable@FreeBSD.ORG
Subject: Re: Why sshd:PermitRootLogin = no ?
References: <19436.1002297239@axl.seasidesoftware.co.za> <20011005120139.D10847@pir.net>

Peter Radcliffe wrote:
>
> Sheldon Hearn probably said:
> > Why is sshd's PermitRootLogin set to 'no' in the default installation of
> > FreeBSD?
>
> Because it's sensible.

Given the semi-recent articles on determining passwords from sniffed ssh packets, which is least secure? Allowing remote root logins over ssh or su'ing to root?

It's my understanding that the aforementioned sniffing method doesn't work on the initial ssh login, only on passwords typed after that (i.e. while su'ing).

It seems to me that neither method is all that secure, so maybe the default should be based on convenience?