Date: Fri, 2 Nov 2001 19:37:53 +0100 From: "Anthony Atkielski" <anthony@atkielski.com> To: "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG> Subject: Re: Lockdown of FreeBSD machine directly on Net Message-ID: <01ae01c163cd$7cb00340$0a00000a@atkielski.com> References: <KPEMLBLEMPMHGLJOCDEGOECECMAA.scott@gerhardt-it.com>
next in thread | previous in thread | raw e-mail | index | archive | help
So is it really an issue provided that I never log in to root from anywhere except on my own LAN (which has only two machines, both of which are under my exclusive control)? If I leave SSH login of root allowed, but with password authentication disallowed, it seems to me that anyone trying to hack into the system from the outside by a login to root would have quite a task before him, since he could not guess passwords, and even if he knew the root password, it wouldn't help him. He'd have to have the private SSH key for root to get in, and short of somehow stealing it off one of my machines (which would imply that I had far bigger security problems than just logins to root), I don't know how he'd get that. There's no copy of it on the server, even. ----- Original Message ----- From: "Scott Gerhardt" <scott@gerhardt-it.com> To: "Anthony Atkielski" <anthony@atkielski.com>; "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG> Sent: Friday, November 02, 2001 15:51 Subject: RE: Lockdown of FreeBSD machine directly on Net > If you are the only administrator this isn't too bad, but still not > recommended. If you have several administrators logging in from time to > time, you are better off logging in as yourself first and 'su' to root. > That way there is record in the logs as to who did what. > > > > > > > -----Original Message----- > > From: owner-freebsd-questions@FreeBSD.ORG > > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Anthony > > Atkielski > > Sent: November 2, 2001 12:04 AM > > To: FreeBSD Questions > > Subject: Lockdown of FreeBSD machine directly on Net > > > > > > Is there anything special I need to do to secure a FreeBSD > > system, freshly > > installed, before putting it on the Internet (i.e., with an IP > > address reachable > > from the outside world)? Is it secure against attack as > > installed, or do I have > > to tweak some things? > > > > Right now I have only ssdh, telnetd, sendmail, and inetd > > running, with ftp > > available (anonymous is disabled). I am planning to install > > Apache so that I > > can prototype my Web site locally. The one change I've made > > is to allow secure > > login for root in ttys; if there is a way of restricting root > > logins to my other > > machine on my LAN, I'd like to know how to do that (it will > > never be necessary > > to login as root from the Net). > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01ae01c163cd$7cb00340$0a00000a>