Heiko Wundram wrote:
> On Monday 09 February 2009 13:37:31, Nikos Chantziaras wrote:
>> Stroller wrote:
>>> I install sudo, give my user wide sudo rights and then set
>>> "PermitRootLogin no" in /etc/ssh/sshd_config.
>>> (Critique of this measure welcomed).
>> Since Hung already answered about the other problem, I'll just comment
>> on this.
>>
>> It's a bad idea if the machine is open to the Internet, especially since
>> it's easy to simply "su -" or "sudo" as a normal user.
>
> Sorry, but I consider that to be BS advice (at least concerning that you want
> to leave password-authentication open).
>
> I'd always recommend disabling root login for ssh (as soon as that is
> possible, i.e. you have an unprivileged account who is in group wheel who you
> can use to access the machine in question), because root is a "well-known"
> user (and thus lends itself well to a [possibly distributed] ssh brute force).

Er, didn't I actually say the same? If other people have network access
to the machine, disable root. You misunderstood something.
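
Added example, not part of the original thread: a small Python audit of the two sshd_config settings argued about above (PermitRootLogin and password authentication), honouring sshd's first-value-wins rule and flagging Match blocks that re-enable root login. It assumes upstream OpenSSH defaults for absent keywords and ignores Include files; the sample config and the function names are constructed for illustration.

```python
import re

# Upstream OpenSSH defaults, used when a keyword is absent (assumption:
# the distribution has not patched them; `sshd -T` prints the real values).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

# Constructed sample, not taken from any real host.
SAMPLE = """\
# PermitRootLogin yes
permitrootlogin no
PasswordAuthentication yes
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin = yes
"""

def parse(text):
    """Return (global_settings, match_overrides) for the audited keywords."""
    global_cfg, overrides, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()                      # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            section = value                         # conditional until next Match
        elif key in DEFAULTS:
            if section is None:
                global_cfg.setdefault(key, value.lower())  # first value wins
            else:
                overrides.append((section, key, value.lower()))
    return {k: global_cfg.get(k, d) for k, d in DEFAULTS.items()}, overrides

def audit(text):
    """List findings relevant to the root-login discussion above."""
    cfg, overrides = parse(text)
    findings = []
    if cfg["permitrootlogin"] != "no":
        findings.append("root login allowed globally: " + cfg["permitrootlogin"])
    if cfg["passwordauthentication"] != "no":
        findings.append("password authentication enabled for all accounts")
    for section, key, value in overrides:
        if key == "permitrootlogin" and value != "no":
            findings.append(f"Match {section} re-enables root login: {value}")
    return findings
```

In the sample, the later global `PermitRootLogin yes` has no effect because the earlier `no` was read first, while the Match block does override it for the matching addresses.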