Date: Tue, 24 Jul 2007 19:27:38 +0000 From: Pollywog <lists-fbsd@shadypond.com> To: freebsd-questions@freebsd.org Subject: Re: connecting user root with ssh Message-ID: <200707241927.38359.lists-fbsd@shadypond.com> In-Reply-To: <20070724213326.5e8aa27d@localhost> References: <11066.217.114.136.135.1180427946.squirrel@llca513-a.servidoresdns.net> <465d3e9e.uyoP2YaUttmVs6ON%perryh@pluto.rain.com> <20070724213326.5e8aa27d@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 24 July 2007 11:33:26 Norberto Meijome wrote: > On Wed, 30 May 2007 02:06:38 -0700 > > perryh@pluto.rain.com wrote: > > * If "root" cannot log in remotely, a cracker has to guess three > > guess or brute force - so quite long random passwords (or ssh keys) are > extremely recommendable. > > > things to obtain root access, instead of just one: > > > > + A valid username which is in the "wheel" group; > > + That user's password; > > + The root password. > > that is assuming, of course, that the user your just logged in with belongs > to wheel. If one must allow root logins via ssh, I recommend in sshd_config: PermitRootLogin without-password This will force the use of a passphrase and disallow root login with just a password.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707241927.38359.lists-fbsd>