increasing failed sshd logins/clearing breadcrumb trails

Glenn Sieb ges+lists at
Thu Sep 16 10:50:56 PDT 2004

John DeStefano said the following on 9/16/2004 10:40 AM:

>>>The easiest way to protect this is to check your sshd_config and
>>>PermitRootLogin no
>Interestingly, this option did not exist in my config file (I added
>it), but all other options were commented out.  Is this the default? 
>Is it wise to leave it this way?
Yes--it's in man sshd_config:

             Specifies whether root can login using ssh(1).  The 
argument must
             be ``yes'', ``without-password'', ``forced-commands-only'' or
             ``no''.  The default is ``no''.  Note that if
             ChallengeResponseAuthentication is ``yes'', the root user 
may be
             allowed in with its password even if PermitRootLogin is set to

             If this option is set to ``without-password'' password 
             cation is disabled for root.

             If this option is set to ``forced-commands-only'' root 
login with
             public key authentication will be allowed, but only if the
             command option has been specified (which may be useful for 
             remote backups even if root login is normally not allowed). All
             other authentication methods are disabled for root.

             If this option is set to ``no'' root is not allowed to login.


"They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety.  
          ~Benjamin Franklin, Historical Review of Pennsylvania, 1759

More information about the freebsd-questions mailing list