Mailinglist Archive: opensuse (2008 mails)

< Previous Next >
Re: [opensuse] Re: ssh & root logins special? in 11.1?
  • From: Mark Goldstein <goldstein.mark@xxxxxxxxx>
  • Date: Fri, 17 Apr 2009 22:53:48 +0300
  • Message-id: <1d8633230904171253v6e55af04q588bcdf6da1a452b@xxxxxxxxxxxxxx>
On Fri, Apr 17, 2009 at 10:17 PM, Linda Walsh <suse@xxxxxxxxx> wrote:
Mark Goldstein wrote:

Are you sure you changed the default /etc/ssh/sshd_config and enabled
root login (PermitRootLogin yes)?
It is disabled by default.

       All three /etc/ssh/sshd_config files have
the "PermitRootLogin line commented out with a Yes by it.
The comment at the top says it provides the defaults. (whatever
that means).  But the "PermitRootLogin yes" line is commented out
in all 3 hosts.

It seems to vary based on util whether the comment represent
the alternate value or the default value, but seeing as they
are the same on all 3 hosts, I'd expect logins between the
two old systems (A(10.3)<->B(11.0)) to fail if that was the case.

Unless the default changed in 11.1?  But why would the
change on 11.1 affect both ways i.e. C(11.1) <--//-->> <A|B>(10.3/11.0)?

Seems odd that having it commented out would mean it's the
current default in 11.0+10.3, but not in 11.1, but the sshd_config,
I'd think, would only be used in logging in to a server.

It is also commented out on my 11.0. Probably it is done by hardening scripts.
It is considered better security practice, not to allow root remote
logging. One is supposed to log in as normal user and then use sudo /
su to do root stuff.

Mark Goldstein
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups