ssh default security risc

[FreeBSD questions mailing list]

On 04 feb 2005, at 02:59, Gert Cuykens wrote:

> On Thu, 3 Feb 2005 16:54:01 -0800, FreeBSD questions mailing list
> <FreeBSD at amadeus.demon.nl> wrote:
>> You really need to look at it from a different point of view...
>> If you want to prevent people from breaking into your car you lock the
>> doors.
>> Don't say "If they break the locks and get in, I can't use my key
>> anymore. So keep the doors unlocked", do you?
>> My point of view...
>> Arno
>>
>
> I like this point of view game :)
>
> How many locks are there in your car, lets say ever user has a lock
> the trunk the left and the right door. Now imagine your little kit
> waving to you behind the windows. You want to kick his butt because he
> broke your brand new television set. You cant go in your car because
> he pushes on the lock button so you can't turn the key. To make things
> wurse your kid is trying to play with the root engine but he can't get
> the engine to start. Enabeling the ssh root is like having the remote
> car key that opens every door at once so you can get in to kick his
> butt :)
>
No it is not!
It is like giving the key to the burglar who's after your car stereo.
If he'd only know you (have your account) then he would only be able to 
trace your car, look at it, look what's inside but not change anything.
He would still need to go after the keys...

Really it is the opposite of what you're thinking.
If root login is disabled and an intruder hacks a user account he can 
only change things as much as you allow the account to make changes to 
the system.
The intruder still needs to go for the root password after this, if 
he's after total control of your comp.
When the intruder changes your password but doesn't get root access you 
can't get in but your system is far less damaged.

If root login is enabled then the intruder has half the work to get 
full access to the system.
And you can't access the comp at all after that has happened.

A