Depending on which country you're in, there can also be regulatory requirements which require that individual logins be tracked. But it all really boils down to best practices. Glenn Pitcher, CISSP IT Security Engineer MedImpact Healthcare Systems -----Original Message----- From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Mario Platt Sent: Monday, June 02, 2008 8:36 AM To: Ron Arts Cc: secureshell@xxxxxxxxxxxxxxxxx Subject: Re: Allowing remote root login seems to be bad. Why? Hey, Well in my opinion, debian guys are right, and for one reason only: Logging. If you login the machine with root, and everyone does it as well, you will never know who is doing what. In the case of your machine being only administered by yourself, and you have no sudo policies, it all ends up being the same... mas in a multi admin environment, I think it's an absolute must... On Mon, Jun 2, 2008 at 9:29 AM, Ron Arts <ron@xxxxxxxxxxxxxx> wrote: > Hi, > > today I found that different Linux distributions have various policies > regarding allowing remote root access. For example, The Redhat/Fedora > crowd seems to enable this on default installs, but the Debian/Ubuntu > don't, they recommend sudo. > > I googled around but could not find why fedora allows it, and the > debian people just seem to have one reason: 'allowing remote root > access is bad, everybody knows that'. > > Suppose I ensure that root has a very strong password, then does it > really matter either way? > > Thanks, > Ron > > --------------------------------------------------------------------- This transmission, together with any attachments, is intended only for the use of those to whom it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any distribution or copying of this transmission is strictly prohibited. If you received this transmission in error, please notify the original sender immediately and delete this message, along with any attachments, from your computer.
