Ron Arts wrote:
Okay,
the general feeling seems to be that you should disable
remote root login, for the following reasons:
1. Why take the chance that someone cracks the root account.
2. You want to keep logs on who is logging in to your box.
Though from the answers I may induce that it may be
secure if:
- you choose a strong root password
- there are no other users on the box
- constrain logins to certain ip addresses.
I think if you allow users on the box, you run a much
larger risk anyway not? Hacking root from a local
account is much easier than hacking root remotely.
I did not see defenders of the default redhat/fedora setup.
But your answers still convinced me that though there
are valid reasons to use local user accounts together with sudo,
they do not necessarily apply to the setups I use.
Thanks,
Ron
I am a little surprised people have not been talking about ssh-key-only
logins (but then I didn't bother mentioning it until now either... ;-) )
If you disallow passwords then most of the arguments about remote root
passwords etc go out the window, but you may still have to concern
yourself about remote root exploits, but then you do patch your servers
at least daily don't you?
I would not personally never allow remote root password logins. On
multi-admin systems then user login + sudo is a must from the auditing
perspective, otherwise you're relying on source address to identify
people which is weak.
On the pw guessing note, you should be automatically blocking any
address that even tries these sorts of things, I wouldn't stick an ssh
server out there on any port without at least that much (+being fully
patched and having automated patch alerting and fast upgrades).
-h
--
Hari Sekhon
