Date: Sun, 11 May 2008 17:34:41 -0400
From: Jon Radel <jon@radel.com>
To: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
Cc: Chad Perrin <perrin@apotheon.com>, freebsd-questions@freebsd.org
Subject: Re: root login stops working
Message-ID: <48276671.8080806@radel.com>
In-Reply-To: <20080511215811.W72139@wojtek.tensor.gdynia.pl>
References: <812883.11120.qm@web54010.mail.re2.yahoo.com> <3120c9e30805101308q55d93966p69914d3bde9a3139@mail.gmail.com> <20080511195413.GB81732@demeter.hydra> <20080511215811.W72139@wojtek.tensor.gdynia.pl>

Wojciech Puchar wrote:
>
>> need root access, you should use a staff account in the wheel group to
>> remotely log into the machine, then su to root.
>
> or set
>
> PermitRootLogin yes
>
> in sshd_conf
>
> much easier.
>
>> The fact that remote direct root login is disabled is a security feature,
>> meant to prevent things like brute-force attacks on root over the
>> network. It's a bad idea to change that behavior, in general. Back when
>
> just another stupid myth.

As is, of course, all security in depth. Hey, if you want everything
riding on one password, more power to you, but you might want to refrain
from using phrases like "stupid myth" unless you've got some hard data
to back them up.

> simply use good passwords.

Or a nice little key encrypted with a good pass phrase. Use ssh-agent
right and you can make things even easier for yourself.

>
> having to log through 2 accounts doesn't increase security. actually
> increases mess.

The only mess I can think of is all that logging that forces a bit of
accountability onto all the admins who know the root password. Of
course, if you're the only admin, I suppose it doesn't really matter.
;-)

--Jon Radel
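
An added example, not part of the message above or of the thread: a small Python audit of the `PermitRootLogin` setting under discussion. It relies on sshd using the first value it reads for a keyword, with settings after a `Match` line applying only to matching connections; the function names, the `default` parameter and the sample configuration are assumptions constructed for illustration.

```python
# Added example: find where an sshd_config-style text allows root password login.

def effective_root_login(config_text, default="no"):
    """Return (global_value, [(match_criteria, value), ...]).

    sshd keeps the first value it reads for a keyword, so a later
    duplicate line has no effect. Lines after a Match line apply only
    to connections that satisfy that Match.
    default is an assumption: the built-in value differs between
    OpenSSH versions and OS builds, so pass the one for your system.
    """
    global_value, overrides, match = None, [], None
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "match":
            match = " ".join(args)  # start of a conditional block
        elif keyword == "permitrootlogin" and args:
            value = args[0].lower()
            if match is None:
                global_value = global_value or value  # first value wins
            elif match not in dict(overrides):
                overrides.append((match, value))
    return (global_value or default), overrides


def password_root_contexts(config_text, default="no"):
    """List the contexts in which root may log in with a password."""
    global_value, overrides = effective_root_login(config_text, default)
    hits = ["global"] if global_value == "yes" else []
    return hits + ["Match " + m for m, v in overrides if v == "yes"]


# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
# the second global line below is ignored by sshd
PermitRootLogin no
PasswordAuthentication yes
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

if __name__ == "__main__":
    print(effective_root_login(SAMPLE))
    print(password_root_contexts(SAMPLE))
```
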
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48276671.8080806>
