[wplug] Any tips against this kind of ssh break-in?
Jonathan Billings
jsbillings at gmail.com
Fri Jul 15 16:08:41 EDT 2005
On 7/15/05, Brian A. Seklecki <lavalamp at spiritual-machines.org> wrote:
>
> > I did notice that in sshd_config, root was allowed to login. I just
> > turned that off.
>
> GOOD GOD!! What distro* still ships with PermitRootLogin set to "yes" by
> default ?!
We build all our systems with PermitRootLogin set to "yes", however we
don't set a local root password. We use kerberos authentication, so
no one is typing a password at the ssh password prompt.
Forcing a sysadmin to type a root password on a remote system or
somehow escalate privileges (which would have to be the case if we
couldn't log in as root) is just as much a security concern, because
the local system could quite easily be compromised.
--
Jonathan Billings
jsbillings at gmail.com
More information about the wplug
mailing list