Sebastian Rittau <[EMAIL PROTECTED]> writes: > On Wed, Jun 26, 2002 at 02:11:00PM +0200, InfoEmergencias - Luis Gómez wrote: > > > IMHO, we'd better set it to no. I always thought it was much better. Is > > there any landscape in which you may want to allow direct root login to > > your host? > > Yes, there is. For example I have some servers that retrieve their user > information from a database. If the database is not reachable, an > ordinary user can't login, but root can, since it's the only local > account with login privileges.
Yes, this is an idea, along with simple backups (over scp/rsync, without sudo server-side). Doesn't sashroot also constitute uid-0 login and fall subject to the above? > But then this is a special case that doesn't require root logins enabled > by default. On the other hand I don't see why allowing direct root logins > is a problem. Having `PermitRootLogin yes' gives someone a known username to brute-force. Fortunately, sshd_config(5) to the rescue, here: | PermitRootLogin | Specifies whether root can login using ssh(1). The argument | must be ``yes'', ``without-password'', | ``forced-commands-only'' or ``no''. The default is ``yes''. For potentially-interactive purposes (rescuing a remote server), I'd go with without-password; if you know that root coming in via this access means is only going to want to run one command (eg for backup purposes when you have console access a matter of metres away) then you can afford the extra security of a forced-commands-only approach[0]. [0] Note FWIW that this is not "you asked for the wrong command, so I'll do nothing"; it's "no matter what you asked, I'm going to do <Foo>" as specified in the cmd= restriction... ~Tim -- <http://spodzone.org.uk/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
