root login stops working

[Chad Perrin]

On Sat, May 10, 2008 at 11:50:46AM -0700, Dennis Flynn wrote:
> I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008     root at logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
> 
> About a day after install root login no longer works - even on the console.
> 
> I see the following in /var/log/auth.log:
> May 10 14:22:37 wx sshd[86223]: Accepted password for root from 10.11.12.104 port 1492 ssh2
> May 10 14:22:37 wx sshd[86223]: Received disconnect from 10.11.12.104: 0: 

I'd say this was expected behavior, since FreeBSD disbles direct root
login over SSH by default (for good reason), but . . .


> 
> And in /var/log/messages:
> May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11 (core dumped)

. . . this looks suspicious.  I'm pretty sure you don't get any core
dumps when sshd refuses to let you log in as root.


> 
> New to FreeBSD after using Linux for a long time.  I'd really like to get this to workfor my web server/weather station which is currently running on Debian Linux.

For security purposes, you should probably actually configure your Debian
system to behave more like your FreeBSD system, with regard to SSH.  Set
the PermitRootLogin value in /etc/ssh/sshd_config to "no" to prevent
remote logins over SSH as root.  This behavior is intended as a security
measure.  To access root remotely, log in over SSH as an account that has
su access, then su to root, rather than just logging in as root directly.

To grant an account on FreeBSD su access to root, add it to the wheel
group.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
print substr("Just another Perl hacker", 0, -2);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080511/b1b76b2f/attachment.pgp