[Eug-lug] source of ssh scanner
Jacob Meuser
jakemsr at jakemsr.com
Wed Aug 25 14:12:08 PDT 2004
On Wed, Aug 25, 2004 at 12:42:18PM -0700, larry price wrote:
> On Wed, 25 Aug 2004 12:23:53 -0700 (PDT), Jason <chanjb at yahoo.com> wrote:
> > Unfortunately, the default for openssh is yes for
> > PermitRootLogin. My experience is that most folks
> > don't perform a lot of sshd configuration - if it
> > works out of the box, they go with it.
> >
>
> hmm default on FreeBSD is no
> but on OSX it's yes
>
> don't have a debian or gentoo box handy to check
> it's in /etc/sshd_config or /etc/ssh/sshd_config
> depending
>
> permitting remote root logins over ssh seems like a bad default
> although the usual solution I've seen (multiple admins and
> unrestricted sudo access, i.e. shared root) is no better, and in fact
> may be worse in that there are multiple tokens which could be
> compromised to gain all privs.
PermitRootLogin is on by default so that freshly installed machines
can be accessed and configured ... datacenter does default install
(which only takes a few minutes with a sane OS), datacenter gives
client root password.
--
<jakemsr at jakemsr.com>
More information about the EUGLUG
mailing list