Dear all,
I think there is a unsafe setting in the /etc/sshd_config file. The following setting is be done: PermitRootLogin yes. It think it would be best to change the yes to no. This is to make it more difficult for a hacker.
Regards,
Joop Boonen.
Can this please also be changed in the rpm package?
Joop, the rationale behind this is that it should be possible to log on to a freshly installed machine in some way. Since the root account is the only one upon completion of the installation to have a valid password, the setting is "yes". If there should be any remote access after a fresh installation at all, then it is considered safest to use ssh. Please note that the settings include PermitEmptyPasswords no # in both openssh and ssh which means that the admin is protected against himself in terms of passwords related to remote logins. Anything more would be uncivilized. Please disable the option on your own if you feel uncomfortable with it. I bet that thousands of users would complain if this detail is changed. Regards, Roman. -- _ _ | Roman Drahtmüller "Freedom means that you can choose | CC University of Freiburg what you want to learn at a given | email: draht@uni-freiburg.de time." A. Becker, 1999 | - - People often find it easier to be a result of the past than a cause of the future.