You can set up a weak root password during install ;-)
There is no test, so I can use root, password, admin and so on.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Giancarlo Razzolini
Sent: Thursday, July 10, 2008 8:16 PM
To: Paul de Weerd
Cc: Brynet; misc@openbsd.org
Subject: Re: sshd_config(5) PermitRootLogin yes

Paul de Weerd wrote:
> On Thu, Jul 10, 2008 at 01:21:20PM -0400, Brynet wrote:
>
>> The keyword here is *default*.
>>
>> Say you installed OpenBSD on a soekris, it's nice having root enabled
>> "temporarily".
>>
>> That way you can log in at a later time, create a lesser privileged account,
>> edit the sudoers file.. and disable root logins in sshd_config.
>>
>
> Note that you can already create this account and edit sudoers while
> still in the installer kernel. Simply `mnt/usr/sbin/chroot /mnt` and
> you are in your new system where you can change basic things (such as
> adding users and editing config files, do not expect to be able to do
> more fancy stuff like firewalling (so you can edit pf.conf, you just
> can not load it until after rebooting), you're still in the install
> kernel which lacks several key features provided by the regular
> kernel).
>
> root logins are also quite useful when /home is on NFS and NFS is
> broken somehow and you need to log in to fix stuff. Myself, I keep it
> enabled, even if I don't have /home on NFS and already have my
> less-privileged user for sudo access set up.
>
> Cheers,
>
> Paul 'WEiRD' de Weerd
>
>
I do prefer to use the siteXX.tgz and the install.site script to do
this, since it is the recommended way to customize the install process:
http://www.openbsd.org/faq/faq4.html#site

I remember another thread on this list about this. At some point someone
asked "Why not ask the installing user to create an unprivileged account
during the install process?". The answer was simple and very coherent:
"Because we want the user to give root user a strong password. If we
prompt for another user creation, it will tend to pick a weak password."
I agreed with that and prefer having things like this. The portable ssh
version also comes with PermitRootLogin defaulted to yes. I don't see
this as a security breach. Just pick a strong root password, create a
user, edit sudoers, disable root login and you are done.

My regards,

--
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify:https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD Stable
Ubuntu 8.04 Hardy Heron
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85
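
A check for the last step described in the message above (disable root login), as an added example that is not part of the thread: it reads the PermitRootLogin value from the global section of an sshd_config file. The function names and the sample config are constructed for illustration; on a live system `sshd -T` prints the effective configuration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports PermitRootLogin from the global
# section of an sshd_config file. sshd keeps the first value it sees for a
# keyword, and keywords are case-insensitive.
permit_root_login() {
    awk -F'[ \t=]+' '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }    # drop comments and indentation
        tolower($1) == "match" { exit }           # Match blocks end the global section
        tolower($1) == "permitrootlogin" && NF >= 2 {
            print tolower($2); found = 1; exit    # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Exit status 0 only when root login over ssh is explicitly disabled.
# "unset" means the sshd default applies (the thread reports that default as yes).
check_root_login() {
    value=$(permit_root_login "$1")
    case "$value" in
        no)    echo "ok: PermitRootLogin no"; return 0 ;;
        unset) echo "warn: PermitRootLogin not set, sshd default applies"; return 1 ;;
        *)     echo "warn: PermitRootLogin $value"; return 1 ;;
    esac
}

# Constructed sample config: the commented line is ignored and the later
# "no" never takes effect because the earlier "yes" comes first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
EOF
check_root_login "$sample" || true   # prints: warn: PermitRootLogin yes
rm -f "$sample"
```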
