Mailinglist Archive: opensuse-security (191 mails)
| < Previous | Next > |
Re: [suse-security] /etc/sshd_config wize to change
- From: Roman Drahtmueller <draht@xxxxxxxxxxxxxxx>
- Date: Mon, 10 Apr 2000 18:27:34 +0200 (MEST)
- Message-id: <Pine.LNX.4.21.0004101817520.29017-100000@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>
> Dear all,
>
> I think there is a unsafe setting in the /etc/sshd_config file. The
> following setting is be done:
> PermitRootLogin yes. It think it would be best to change the yes to no.
> This is to make it more difficult for a hacker.
>
> Regards,
>
> Joop Boonen.
>
> Can this please also be changed in the rpm package?
Joop,
the rationale behind this is that it should be possible to log on to a
freshly installed machine in some way. Since the root account is the only
one upon completion of the installation to have a valid password, the
setting is "yes". If there should be any remote access after a fresh
installation at all, then it is considered safest to use ssh.
Please note that the settings include
PermitEmptyPasswords no # in both openssh and ssh
which means that the admin is protected against himself in terms of
passwords related to remote logins. Anything more would be uncivilized.
Please disable the option on your own if you feel uncomfortable with it. I
bet that thousands of users would complain if this detail is changed.
Regards,
Roman.
--
_ _
| Roman Drahtmüller "Freedom means that you can choose |
CC University of Freiburg what you want to learn at a given
| email: draht@xxxxxxxxxxxxxxx time." A. Becker, 1999 |
- -
People often find it easier to be a result of the past than a cause of
the future.
> Dear all,
>
> I think there is a unsafe setting in the /etc/sshd_config file. The
> following setting is be done:
> PermitRootLogin yes. It think it would be best to change the yes to no.
> This is to make it more difficult for a hacker.
>
> Regards,
>
> Joop Boonen.
>
> Can this please also be changed in the rpm package?
Joop,
the rationale behind this is that it should be possible to log on to a
freshly installed machine in some way. Since the root account is the only
one upon completion of the installation to have a valid password, the
setting is "yes". If there should be any remote access after a fresh
installation at all, then it is considered safest to use ssh.
Please note that the settings include
PermitEmptyPasswords no # in both openssh and ssh
which means that the admin is protected against himself in terms of
passwords related to remote logins. Anything more would be uncivilized.
Please disable the option on your own if you feel uncomfortable with it. I
bet that thousands of users would complain if this detail is changed.
Regards,
Roman.
--
_ _
| Roman Drahtmüller "Freedom means that you can choose |
CC University of Freiburg what you want to learn at a given
| email: draht@xxxxxxxxxxxxxxx time." A. Becker, 1999 |
- -
People often find it easier to be a result of the past than a cause of
the future.
| < Previous | Next > |