Re: Allowing remote root login seems to be bad. Why?

[Mario Spiegel <mario.spiegel@xxxxxxxxxxxxxx>]

ACK to this.
After it you should take some Port logging tools at Port 22 and you will 
be surprised how many attacks miss cause of your "3 stage login security"

David Bruce schrieb:
> If I can add my 2 cents, I recommend also changing the ssh port.  It
> cuts down on a lot of hack attempts.
>
> -----Original Message-----
> From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
> On Behalf Of Smith Jr, Harry E
> Sent: Monday, June 02, 2008 11:56 AM
> To: secureshell@xxxxxxxxxxxxxxxxx
> Subject: RE: Allowing remote root login seems to be bad. Why?
>
> I think the real question is what is the environment you are working in.
>
>
> If the Linux is being installed on production machines then
> Debian/Ubantu is the correct configuration. However, this is something
> that all hardening rules check plus considerably more. 
>
> However, if you are in a development environment, then I lean to
> Fedora/Red Hat with some of the hardening rules set ( No rsh ... ) 
>
> Harry
>   
>
>
>
> -------------------------------------------------------------
> Harry E Smith Jr.
> Senior Staff System Engineering
> (408) 473 6491 (work)
> (408) 888 5209 (cell)
> (877) 635 1529 (pager)
>
> -----Original Message-----
> From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
> On Behalf Of Mario Platt
> Sent: Monday, June 02, 2008 8:36 AM
> To: Ron Arts
> Cc: secureshell@xxxxxxxxxxxxxxxxx
> Subject: Re: Allowing remote root login seems to be bad. Why?
>
> Hey,
>
> Well in my opinion, debian guys are right, and for one reason only:
> Logging.
> If you login the machine with root, and everyone does it as well, you
> will never know who is doing what. In the case of your machine being
> only administered by yourself, and you have no sudo policies, it all
> ends up being the same... mas in a multi admin environment, I think it's
> an absolute must...
>
> On Mon, Jun 2, 2008 at 9:29 AM, Ron Arts <ron@xxxxxxxxxxxxxx> wrote:
> > Hi,
> >
> > today I found that different Linux distributions have various policies
>
> > regarding allowing remote root access. For example, The Redhat/Fedora 
> > crowd seems to enable this on default installs, but the Debian/Ubuntu 
> > don't, they recommend sudo.
> >
> > I googled around but could not find why fedora allows it, and the 
> > debian people just seem to have one reason: 'allowing remote root 
> > access is bad, everybody knows that'.
> >
> > Suppose I ensure that root has a very strong password, then does it 
> > really matter either way?
> >
> > Thanks,
> > Ron

--
Mit freundlichen Gruessen / Kind Regards

Mario Spiegel