Chris Adams <cmadams@xxxxxxxxxx> wrote: [...] > I always thought it was odd that some things (e.g. telnet) block root > logins but others (e.g. ssh) don't. I can telnet in and then su and the > password is just as much in the clear as it would have been with > straight root-login-telnet. telnet needs to go. I haven't installed the daemon for ages, and for some time before had it disabled. The client comes handy to check out text-based protocols, though. But perhaps netcat is a replacement here... ssh is a different beast, the connection is encrypted. > Either all should allow or all should block > (I personally block), except for directly attached consoles (so root can > get in when all else is broken). > Maybe sshd could be configured as "PermitRootLogin without-password", > which would require someone to configure keys (but not reconfigure sshd) > before root ssh could be used. Not for me, please. -- Dr. Horst H. von Brand User #22616 counter.li.org Departamento de Informatica Fono: +56 32 2654431 Universidad Tecnica Federico Santa Maria +56 32 2654239 Casilla 110-V, Valparaiso, Chile 2340000 Fax: +56 32 2797513 -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
