root login stops working

Jon Radel jon at radel.com
Sun May 11 21:34:57 UTC 2008


Wojciech Puchar wrote:
> 
>> need root access, you should use a staff account in the wheel group to
>> remotely log into the machine, then su to root.
> 
> or set
> 
> PermitRootLogin yes
> 
> in sshd_conf
> 
> much easier.
> 
>> The fact that remote direct root login is disabled is a security feature,
>> meant to prevent things like brute-force attacks on root over the
>> network.  It's a bad idea to change that behavior, in general.  Back when
> 
> just another stupid myth. 

As is, of course, all security in depth.  Hey, if you want everything
riding on one password, more power to you, but you might want to refrain
from using phrases like "stupid myth" unless you've got some hard data
to back them up.

> simply use good passwords.

Or a nice little key encrypted with a good pass phrase.  Use ssh-agent
right and you can make things even easier for yourself.

> 
> having to log through 2 accounts doesn't increase security. actually
> increases mess.

The only mess I can think of is all that logging that forces a bit of
accountability onto all the admins who know the root password.  Of
course, if you're the only admin, I suppose it doesn't really matter.

;-)

--Jon Radel
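
The settings argued over in this thread can be checked mechanically. The following is an added example, not part of the original message: it reads sshd_config text and reports every context (global section or Match block) in which direct root login is permitted. The function names and the sample file are constructed for illustration, and only PermitRootLogin and PasswordAuthentication are examined.

```python
# Added example: audit sshd_config text for the root-login settings discussed above.
WATCHED = ("permitrootlogin", "passwordauthentication")

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
# constructed sample
PermitRootLogin no
PermitRootLogin yes        # ignored: first value wins
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

def parse_sshd_config(text):
    """Return {context: {keyword: value}}; context is 'global' or a Match line.

    sshd uses the first value it obtains for a keyword, so later duplicates
    in the same context are ignored here as well."""
    settings = {"global": {}}
    context = "global"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            context = "Match " + value
            settings.setdefault(context, {})
        elif keyword in WATCHED:
            settings[context].setdefault(keyword, value.lower())
    return settings

def root_login_findings(text):
    """List the contexts in which root may log in directly."""
    settings = parse_sshd_config(text)
    glob = settings["global"]
    findings = []
    for context, local in settings.items():
        # A Match block overrides the global value only for keywords it sets.
        root = local.get("permitrootlogin", glob.get("permitrootlogin"))
        pw = local.get("passwordauthentication", glob.get("passwordauthentication"))
        if root is None:
            findings.append(f"{context}: PermitRootLogin not set, build default applies")
        elif root == "yes" and pw != "no":
            findings.append(f"{context}: root can log in with a password")
        elif root == "yes":
            findings.append(f"{context}: direct root login allowed, password authentication off")
    return findings
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves and is the authoritative check; the parser above is for reviewing files offline.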


More information about the freebsd-questions mailing list