| 1 |
Heiko Wundram wrote: |
| 2 |
> Am Montag 09 Februar 2009 13:37:31 schrieb Nikos Chantziaras: |
| 3 |
>> Stroller wrote: |
| 4 |
>>> I install sudo, give my user wide sudo rights and then set |
| 5 |
>>> "PermitRootLogin no" in /etc/ssh/sshd_config. |
| 6 |
>>> (Critique of this measure welcomed). |
| 7 |
>> Since Hung already answered about the other problem, I'll just comment |
| 8 |
>> on this. |
| 9 |
>> |
| 10 |
>> It's a bad idea if the machine is open to the Internet, especially since |
| 11 |
>> it's easy to simply "su -" or "sudo" as a normal user. |
| 12 |
> |
| 13 |
> Sorry, but I consider that to be BS advice (at least concerning that you want |
| 14 |
> to leave password-authentication open). |
| 15 |
> |
| 16 |
> I'd always recommend disabling root login for ssh (as soon as that is |
| 17 |
> possible, i.e. you have an unpriviledged account who is in group wheel who you |
| 18 |
> can use to access the machine in question), because root is a "well-known" |
| 19 |
> user (and thus lends itself well to a [possibly distributed] ssh brute force). |
| 20 |
|
| 21 |
Er, didn't I actually say the same? If other people have network access |
| 22 |
to the machine, disable root. You misunderstood something. |
Archives