Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Root logins with ssh
  • From: RoMaN SoFt / LLFB!! <roman@xxxxxxxxxx>
  • Date: Mon, 05 Feb 2001 13:45:48 +0100
  • Message-id: <oo7t7to5nfaujtj9e9er3bu8a5p5jvgbep@xxxxxxx>

Hi.

I've been using root logins with ssh. Since ssh goes encrypted I
don't know why this could be a security problem (question 1: please
confirm that).

Anyway I've decided to change into the more (supposed) secure way: no
root logins. I've done it. This is my current config:

roman@goliat:~ > rpm -qa |grep ssh
openssh-1.2.2-30

(yep, it's buggy, but I don't use scp & similiar)

roman@goliat:~ > cat /etc/SuSE-release
SuSE Linux 6.4 (i386)
VERSION = 6.4
root@goliat:/etc/ssh > grep PermitRoot sshd_config
PermitRootLogin no

Nevertheless I've noted the following behaviour when trying to login
as root:
1) If supplied passwd is incorrect, sshd tell so.
2) If supplied passwd is right, you get:
ROOT LOGIN REFUSED FROM roman

So you could try to guest root passwd by brute force attack. I don't
like that.

Is this corrected on newer versions?
Please, any comments are welcome.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
** RoMaN SoFt / LLFB **
roman@xxxxxxxxxx
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

< Previous Next >