Re: able to login as root via ssh :-(

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Scot L. Harris wrote:

On Mon, 2006-08-07 at 22:33 -0400, Todd Zullinger wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Don Russell wrote:

Why?  Just curious what made you believe it was disabled by default.

Well.... just ignorance on my part.... but ftp doesn't allow me log
in as root, and I don't recall changing that setting. Call it "I
expected any form of remote access to be consistent in denying root
access". Of course they are different programs (ftp server/ssh
server)... and I always see messages that say "... ssh in, then su -
to root...." sort of implies that ssh to root directly won't work.
But again, abad assumption on my part. :-(

It's not unreasonable to assume the default would be to disable it.
I'm sure there have been debates on what the right default should be
among the openssh developers.  I didn't mean to pick on you by asking.
;-)


If I recall correctly from a discussion about this a long time ago, ssh
has root access enabled by default for those cases where the admin is
trying to install a system remotely.


[snip]
That seems like a bit of a strawman argument to me.... but I'll concede that I don't know everything. :-)
In order for a remote system to be in a state that remote access is even possible, there must be an OS already running. In order to install the first OS, physical access to the box must be required. It has to be physically connected etc. At the very least the power has to be turned on.. it might then proceed to do a network install... 

At that first install time is when a second user id should be created....
Anyway... I don't want to get into a big discussion over something that has already been settled.... Might be nice to have a new option in sshd_config though: "PermitRootLoginWarn yes", then in my Logwatch reports I'll see something like "Warning: root login is permitted via ssh - see /etc/ssh/sshd_config"
If the sysadmin really wants that, they can turn the warning off, and sysadmins that don't want that can disallow root login.
Bugzilla/suggestion? I'll happily create a bugzilla report for that, or am I a little over-the-top? :-) 

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux