Ron Arts wrote:
Hi, today I found that different Linux distributions have various policies regarding allowing remote root access. For example, The Redhat/Fedora crowd seems to enable this on default installs, but the Debian/Ubuntu don't, they recommend sudo. I googled around but could not find why fedora allows it, and the debian people just seem to have one reason: 'allowing remote root access is bad, everybody knows that'. Suppose I ensure that root has a very strong password, then does it really matter either way? Thanks, Ron
Script kiddies are constantly scouring the Net looking to crack the root account on boxes that they find. If you disable remote root access, you remove this threat. Then the attacker would have to be able to guess both a non-obvious username AND a non-obvious password in order to gain access to your box. Wouldn't a strong root password remove the threat anyway, though? Probably. But why take the chance? By disallowing remote root access, you remove this line of attack, and really don't inconvenience yourself very much by doing so, since you can easily perform root-level functions from your user account using sudo.
In fact, I strongly recommend the use of sudo in general. It's generally a bad idea to sign in as root anyway, partly for security reasons, but also partly so that if you accidentally do something stupid like "rm -rf /" it won't have catastrophic consequences. Better to just log in as your user account, and then briefly elevate to root privileges using sudo when needed.
DR