If I can add my 2 cents, I recommend also changing the ssh port. It cuts down on a lot of hack attempts.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Smith Jr, Harry E
Sent: Monday, June 02, 2008 11:56 AM
To: secureshell@xxxxxxxxxxxxxxxxx
Subject: RE: Allowing remote root login seems to be bad. Why?

I think the real question is what is the environment you are working in. If the Linux is being installed on production machines then Debian/Ubuntu is the correct configuration. However, this is something that all hardening rules check plus considerably more. However, if you are in a development environment, then I lean to Fedora/Red Hat with some of the hardening rules set ( No rsh ... )

Harry
-------------------------------------------------------------
Harry E Smith Jr.
Senior Staff System Engineering
(408) 473 6491 (work)
(408) 888 5209 (cell)
(877) 635 1529 (pager)

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Mario Platt
Sent: Monday, June 02, 2008 8:36 AM
To: Ron Arts
Cc: secureshell@xxxxxxxxxxxxxxxxx
Subject: Re: Allowing remote root login seems to be bad. Why?

Hey,

Well in my opinion, Debian guys are right, and for one reason only: Logging. If you log in to the machine with root, and everyone does it as well, you will never know who is doing what. In the case of your machine being only administered by yourself, and you have no sudo policies, it all ends up being the same... but in a multi admin environment, I think it's an absolute must...

On Mon, Jun 2, 2008 at 9:29 AM, Ron Arts <ron@xxxxxxxxxxxxxx> wrote:
> Hi,
>
> today I found that different Linux distributions have various policies
> regarding allowing remote root access. For example, the Redhat/Fedora
> crowd seems to enable this on default installs, but the Debian/Ubuntu
> don't, they recommend sudo.
>
> I googled around but could not find why Fedora allows it, and the
> Debian people just seem to have one reason: 'allowing remote root
> access is bad, everybody knows that'.
>
> Suppose I ensure that root has a very strong password, then does it
> really matter either way?
>
> Thanks,
> Ron
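
The logging argument made in the thread can be seen in the log records themselves. The following is an added example, not part of the original messages: it reads constructed auth-log lines in the usual OpenSSH/sudo syslog layout (host, users and addresses are made up) and lists which person each root-privileged event can be attributed to.

```python
import re

# Constructed sample lines (not from the thread). All admins share one
# office address, so the source IP does not tell them apart.
SAMPLE_LOG = """\
Jun  2 08:01:12 web1 sshd[2101]: Accepted password for root from 192.0.2.10 port 51514 ssh2
Jun  2 08:03:47 web1 sshd[2188]: Accepted publickey for alice from 192.0.2.10 port 51620 ssh2
Jun  2 08:04:05 web1 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/visudo
Jun  2 08:09:30 web1 sshd[2240]: Accepted password for root from 192.0.2.10 port 51702 ssh2
Jun  2 08:11:02 web1 sudo:      bob : TTY=pts/2 ; PWD=/etc ; USER=root ; COMMAND=/bin/rm /etc/cron.d/backup
"""

LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")


def privileged_events(log_text):
    """Return (actor, detail) for every logged event that grants root."""
    events = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m and m.group(2) == "root":
            # Direct root login: the record names the account and the source
            # address, not the person, and no per-command entries follow.
            events.append(("unattributed",
                           f"root login via {m.group(1)} from {m.group(3)}"))
            continue
        m = SUDO_RE.search(line)
        if m and m.group(2) == "root":
            # sudo records the invoking user and the exact command run as root.
            events.append((m.group(1), f"sudo {m.group(3)}"))
    return events


def unattributed_root_logins(log_text):
    """Root sessions that cannot be tied to a named administrator."""
    return [d for actor, d in privileged_events(log_text) if actor == "unattributed"]


if __name__ == "__main__":
    for actor, detail in privileged_events(SAMPLE_LOG):
        print(f"{actor:13} {detail}")
```
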