Alexander Skwar wrote: > Hallo. > > When I installed my new machine I've chosen the "high" security level. > I suppose that's the reason that in /etc/ssh/sshd.config root logins are > disabled, correct? > > If so, why are root ssh logins disabled? I further suppose that is, > because root ssh logins are "bad". Correct? Well, but why are they > "bad"? In how far is it more secure to first ssh to a normal user > account and then do a su to become root? > > Alexander Skwar >
Root login requires 1 secret. User login then su requires at least 3 (username, userpassword/ssh key, root password) plus being in wheel group (depending on other settings that occur in high). If you have setup ssh with keys, and are using ssh-add, there is no additonal convenience to having root ssh logins (since you only have to type the password once, and don't have to "-l root"), so why purposely make it easier for crackers and more difficult for yourself? -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/gpg.key
