If the communication is encrypted, why is connecting as an unprivileged user via ssh and then doing a su to root safer than connecting as root directly? Is the encryption of initial password or key verification less secure than data encryption? Or, is it to protect against dictionary attacks? What is to stop an intruder from running a dictionary attack against a regular user and then, once successful, running a second one with su? Yes, requiring two attacks might decrease chance of success. But, if this is the only reason then allowing only key-based login is probably a lot safer than just disallowing root. Am I missing something here?
Selcuk
Mike Tierney wrote:
Yep, some people do want to login remotely as root.
Some people like to be able to login as root but ONLY with an SSH key.
And some people like empty root ssh passwords(!) to automate things, though it'd arguably be safer to use sudo from a non-privileged user.
Different strokes for different folks (with differing levels of Paranoia!). I normally disallow root login (PermitRootLogin no), disallow empty passwords (PermitEmptyPasswords no) and disallow clear text passwords (PasswordAuthentication no).
No Linux distribution is without issues AFAIK. But hey, it beats running Windows. :)
-----Original Message-----
From: Kevin Brannen [mailto:kevin_brannen@stercomm.com]
Sent: Thursday, 7 October 2004 7:06 a.m.
To: suse-security@suse.com
Subject: Re: [suse-security] Problems with SuSE 9.1 - some issues aren't fixed for ages
Philippe Vogel wrote: ...
7)
Issue:
SSH allows root to login but imo nobody wants to have this.
Hotfix:
Edit /etc/ssh/sshd_config and restart sshd:
PermitRootLogin no
...
Much of the stuff you address I don't use, so whatever. But I'll take exception to this, as your opinion is wrong. I do want root to be able to ssh into all my boxes. It's what allows me to survive because I can automate copying of files for updates or shoving out new programs/scripts. It's what allows me to easily jump from machine to machine as users come to me with problems; or to automate status-type commands on the fly (e.g. got a problem with this file, I wonder if the other machines have this file or a different one, let's do: for m in $machine_list; do echo $m; ssh $m cksum $file; done).
It's all about automation. And all my machines are behind multiple firewalls, NAT'd, and have minimal ports open. I'm in about as secure a place as you can be (assuming you trust your users. :-)
Maybe you're in a more hostile place, say as a border router; then yes, you probably don't want root to do that. But to say "nobody wants to have this" is just flat out wrong. (I'm not trying to flame you, just trying to point out that there may be situations you're not taking into account.)
You can argue whether the default should be ON or OFF, but that's totally different.
Kevin
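Added example (not part of any message in this thread): a small Python audit of sshd_config text against the three settings named above, plus the "root only with an SSH key" variant. It shows a detail the hotfix glosses over: sshd uses the first value it reads for a keyword, so a `PermitRootLogin no` appended below an existing line has no effect. The function names, the `KEY_ONLY_ROOT` policy and the sample file are assumptions made for illustration; Include files and Match blocks are not evaluated.

```python
import re

# Added example: audit sshd_config text against the settings named in the thread.
POLICY = {  # keyword (lower-case) -> acceptable values
    "permitrootlogin": {"no"},
    "permitemptypasswords": {"no"},
    "passwordauthentication": {"no"},
}
# Variant for "root, but ONLY with an SSH key"; prohibit-password is the
# newer OpenSSH spelling of without-password.
KEY_ONLY_ROOT = dict(POLICY, permitrootlogin={"no", "without-password", "prohibit-password"})

LINE = re.compile(r"(\w+)\s*(?:=\s*|\s+)(.*)")


def effective_settings(text):
    """Global keyword -> value; sshd uses the first value it reads for a keyword."""
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())  # comment and blank lines do not match
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().lower()
        if keyword == "match":  # conditional blocks follow; global section ends
            break
        settings.setdefault(keyword, value)
    return settings


def audit(text, policy=POLICY):
    """Return keyword -> 'ok', 'weak' or 'unset' (left to the compiled-in default)."""
    settings = effective_settings(text)
    result = {}
    for keyword, accepted in policy.items():
        value = settings.get(keyword)
        result[keyword] = "unset" if value is None else ("ok" if value in accepted else "weak")
    return result


SAMPLE = """\
# constructed sample, not taken from any real host
PermitRootLogin without-password
PasswordAuthentication = no
#PermitEmptyPasswords no
# hotfix appended later; ignored because an earlier PermitRootLogin exists
PermitRootLogin no
"""

if __name__ == "__main__":
    for keyword, status in audit(SAMPLE).items():
        print(f"{keyword}: {status}")
```

On a live host, `sshd -T` prints the configuration the daemon would actually use, which also covers the compiled-in defaults this sketch reports only as "unset".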