From: Oliver Fromme
To: freebsd-stable@FreeBSD.ORG
Date: Sat, 6 Oct 2001 12:24:20 +0200 (CEST)
Subject: Re: Why sshd:PermitRootLogin = no ?
Message-Id: <200110061024.MAA23902@lurza.secnetix.de>
In-Reply-To: <200110052040.f95KeTw84982@earth.backplane.com>

Matt Dillon wrote:
 > Yes, exactly so. Though I don't think it would hurt to change
 > the default to:
 >
 >     PermitRootLogin without-password
 >
 > Which means that root can only log in using a pre-authenticated
 > method such as an SSH key pair (aka ~root/.ssh/authorized_keys), or
 > kerberos. Passworded logins are still disallowed.

There are installations where people don't want root logins to be enabled, whether with password or not. This includes many of the machines I am responsible for -- If the default was changed, I'd have to edit sshd_config and replace "without-password" with "no" everywhere.

This is not necessarily a matter of security. Although there are certainly ultra-paranoid folks who prefer to have a setting of "no" for security reasons, or rather for a better feeling, but anyway, if they want it to be "no", it's their decision, and it's certainly not wrong to set it that way.

On the other hand, on many sites it is simply disallowed for admins to log in as root, because it circumvents administrative concepts, in particular when there are multiple persons in charge of administration.

Just one example: When you log in as a user, then su to root and type shutdown, your actual userid will be logged along with the shutdown messages (and even if it didn't, you can see in wtmp who was logged in at that time). If you log in as root and shut down, you can't say later who did the shutdown.

Therefore it is often a very good thing to disallow root logins right away, no matter whether with password, s/key, RSA key, Kerberos or whatever.

Therefore I'd vote for keeping the setting at the "minimum" possible (i.e. "no"). I think this is also what most people would expect (see POLA).

Just my 0.02 Euro.

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"All that we see or seem is just a dream within a dream" (E. A. Poe)
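Added example, not part of the original message: a Python check that a site with the "no root logins at all" policy described above could run over its sshd_config files to list every scope where PermitRootLogin is anything other than "no". The sample configuration and the function names are constructed for this example; it assumes sshd's documented first-value-wins handling of repeated keywords and does not follow Include files.

```python
import re

# Constructed sample sshd_config (not from the original message).
SAMPLE = """\
Port 22
PermitRootLogin without-password
permitrootlogin yes
Match Address 192.0.2.0/24
    PermitRootLogin no
Match User backup
    PermitRootLogin forced-commands-only
"""

def root_login_settings(config_text):
    """Return (global_value, [(match_condition, value), ...]).
    sshd keeps the first value obtained for a keyword, so later duplicates
    in the same scope are ignored; keywords are case-insensitive."""
    global_value, overrides = None, []
    scope, scope_done = None, False          # scope None = global section
    for raw in config_text.splitlines():
        # Comment and blank lines do not start with a keyword, so no match.
        m = re.match(r"(\w+)\s*=?\s*(.*)", raw.strip())
        if not m:
            continue
        keyword, rest = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":               # new conditional block starts
            scope, scope_done = rest, False
        elif keyword == "permitrootlogin" and rest and not scope_done:
            value = rest.split()[0].strip('"')
            if scope is None:
                global_value = value
            else:
                overrides.append((scope, value))
            scope_done = True
    return global_value, overrides

def audit(config_text, required="no"):
    """List every scope whose PermitRootLogin differs from `required`."""
    global_value, overrides = root_login_settings(config_text)
    findings = []
    if global_value is None:
        findings.append("global: unset, compiled-in default applies")
    elif global_value != required:
        findings.append(f"global: {global_value}")
    findings += [f"Match {c}: {v}" for c, v in overrides if v != required]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An unset keyword is reported rather than assumed safe, because the effective value then depends on the default compiled into the installed sshd, which is exactly what this thread is debating.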