Date:      Wed, 04 Jan 2017 09:18:32 +0800
From:      Ernie Luzar <luzar722@gmail.com>
To:        Maciej Suszko <maciej@suszko.eu>
Cc:        Ben Woods <woodsb02@gmail.com>, Polytropon <freebsd@edvax.de>,  "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: how to allow user toor login through ssh
Message-ID:  <586C4D68.6000000@gmail.com>
In-Reply-To: <20170103141838.4ada403b@helium>
References:  <5869ADFB.6080000@gmail.com>	<20170102024359.aa82ae3e.freebsd@edvax.de>	<5869F77D.5050106@gmail.com>	<20170102172615.516dc912.freebsd@edvax.de>	<CAOc73CCc_Yj_qAw2riDft=KdeNoKmHgOQOkeTLdse2pom_35FQ@mail.gmail.com> <20170103141838.4ada403b@helium>


Maciej Suszko wrote:
> On Tue, 3 Jan 2017 19:15:54 +0800
> Ben Woods <woodsb02@gmail.com> wrote:
> 
>> The openssh daemon prevents login as root or toor (any user with UID
>> 0) in the default configuration that ships with FreeBSD.
>>
>> This can be adjusted by setting the following in /etc/ssh/sshd_config:
>> PermitRootLogin yes
>>
>> Note however, that it is not generally advisable to allow root or toor
>> login via ssh, as this is a frequently attempted username for script
>> kiddies and bots running random brute force attacks. Tread wisely.
>>
>> Regards,
>> Ben
> 
> However it's quite simple to restrict root login using Match block, for
> example ;-) ... just leave 'no' globally.
> 
> Match Address 10.0.0.0/27
>     PermitRootLogin yes



I like this solution. On my host I have changed ssh to use a high value
port number back when I was on BSD REL 3.0 and have never had any failed
login attacks of any kind. As the host administrator I am the only one
using ssh on this 11.0 host. Using the IP address of my vacation home is
just an added piece of security.

Thanks for this information.
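
The following is an added example, not part of the original thread: a small model of how sshd resolves PermitRootLogin for a given client address under the "global no, Match Address yes" layout quoted above, including the pitfall of placing the Match block before the global line. The function names and sample configs are constructed, and only `Match All` and `Match Address` with CIDR lists are modelled.

```python
import ipaddress

# Constructed sample configs; only the Match block itself comes from the thread.
GOOD = """\
PermitRootLogin no
Match Address 10.0.0.0/27
    PermitRootLogin yes
"""
# Pitfall: everything after a Match line belongs to that block, whatever the
# indentation, so this "no" never becomes a global setting.
MISPLACED = """\
Match Address 10.0.0.0/27
    PermitRootLogin yes
PermitRootLogin no
"""

def match_applies(criteria, addr):
    """Evaluate a Match line limited to 'All' or 'Address <cidr>[,<cidr>...]'."""
    if [c.lower() for c in criteria] == ["all"]:
        return True
    if len(criteria) != 2 or criteria[0].lower() != "address":
        raise ValueError("unsupported Match criteria: " + " ".join(criteria))
    nets = (ipaddress.ip_network(p, strict=False) for p in criteria[1].split(","))
    return any(addr in net for net in nets)

def effective_permit_root_login(config_text, client_addr, default="no"):
    """Value applied to client_addr; default 'no' is the FreeBSD behaviour
    described in the thread (upstream OpenSSH defaults to prohibit-password)."""
    addr = ipaddress.ip_address(client_addr)
    global_value = match_value = None
    in_match = applies = False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "match":
            in_match, applies = True, match_applies(words[1:], addr)
        elif key == "permitrootlogin" and len(words) > 1:
            if not in_match and global_value is None:
                global_value = words[1]          # first global value wins
            elif in_match and applies and match_value is None:
                match_value = words[1]           # first matching block wins
    # A value from a matching block overrides the global section.
    return match_value or global_value or default
```

On a live host, `sshd -t` checks the edited file for syntax errors and `sshd -T -C user=root,host=client.example,addr=10.0.0.5` prints the settings sshd itself would apply to that connection (the host and address here are placeholders).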



