On Mon, 5 Mar 2007, Ian Service wrote: > The easiest way to make sure your box isn't going to get root-kitted is to > make sure you have another user on the system and then open > /etc/ssh/sshd_config and change the PermitRootLogin line to say no and then > restart sshd (/sbin/service sshd restart).
No. If you want to do it properly, disallow all password logins, and only allow logins with SSH keys. Then it also does not really matter root can login directly, something that is usually needed for things like offsite backups. > Every single attack I've seen on my systems was to the root user using ssh > (everything else is firewalled), if ssh won't let that in to begin with, > you're set. All automated sshd attacks now use a full dictionary attack of usernames to try with a dictionary of passwords. Paul
