Security SSH

Paul Hoffman paul.hoffman at vpnc.org
Tue Jan 13 18:41:54 UTC 2015


On Jan 13, 2015, at 9:31 AM, Zoran Kolic <zkolic at sbb.rs> wrote:
> 
>> Can you point to that for the rest of us? I'd rather not wade in openbsd-misc....
> 
> The link the original poster presented is the correct one.
> OpenBSD tends to set some default values, which one might
> like or not. I would disable root login at first.
> Misc seems rough at the moment. I found it very helpful if
> I need help, just have to follow rules. Be patient, give
> as much info as possible, don't push... Do your homework...
> If I really have to say what I think: ssh is a great tool.

In the FreeBSD space, enabling root login for SSH by default is problematic on both sides of the sword.

- If it is enabled by default, and the root password is purposely easy to remember (because it is a single-user system), it's easy to get owned.

- If it is disabled by default, you either have to be able to log in once from the console (which you might not have access to if it is a VM), or the one user who was added has to be part of the right group *and* you need to remember the right incantation for "su".

On balance, I'm happy with the FreeBSD default of "PermitRootLogin no" even though it has made creating new FreeBSD VMs troublesome for me sometimes.

...and I'm glad we're not discussing the uninformed crypto FUD that started this thread...

--Paul Hoffman

