Date: Fri, 5 Oct 2001 13:46:46 -0400
From: The Anarcat <anarcat@anarcat.dyndns.org>
To: Brandon Fosdick <bfoz@glue.umd.edu>
Cc: stable@FreeBSD.ORG
Subject: Re: Why sshd:PermitRootLogin = no ?
Message-ID: <20011005134645.A7287@shall.anarcat.dyndns.org>
In-Reply-To: <3BBDF0E9.20BA0F56@glue.umd.edu>
References: <19436.1002297239@axl.seasidesoftware.co.za> <20011005120139.D10847@pir.net> <3BBDF0E9.20BA0F56@glue.umd.edu>

You must be talking about a vulnerability which allows an attacker to
"guess" the *length* of a string being passed in an SSH connection. This
has been fixed, for what I know.

And IIRC, if you use UseLogin=yes, probably that it doesn't make a
difference whether you su or login root.

A.

On Fri Oct 05, 2001 at 01:42:01PM -0400, Brandon Fosdick wrote:
> Peter Radcliffe wrote:
> >
> > Sheldon Hearn <sheldonh@starjuice.net> probably said:
> > > Why is sshd's PermitRootLogin set to 'no' in the default installation of
> > > FreeBSD?
> >
> > Because it's sensible.
>
> Given the semi-recent articles on determining passwords from sniffed ssh packets
> which is least secure? Allowing remote root logins over ssh or su'ing to root?
> It's my understanding that the aforementioned sniffing method doesn't work on
> the initial ssh login, only on passwords typed after that (i.e. while su'ing).
>
> It seems to me that neither method is all that secure, so maybe the default
> should be based on convenience?
