Re: SSH as root

From: Andy Walden (
Date: 07/03/03

  • Next message: Greg A. Woods: "Re: SSH as root"
    Date: Thu, 3 Jul 2003 15:43:10 -0500 (CDT)
    To: Paul Bauer <>

    On Thu, 3 Jul 2003, Paul Bauer wrote:

    > I personally don't allow ssh as root but am now curious as to why this
    > is a bad practice. I had long believed it was a security risk and just
    > unnecessary and have been told this is FUD.

    As most things, it depends on your point of view and what your goals and
    requirements are. One argument is that it could remove accountability from
    a specific user, as can any role account. Another point is that by
    allowing root logins, a remote user could perform a brute force attack
    against your root account. By restricting remote root access, the idea
    is that you limit your root vulnerability to just local users.


    PGP Key Available at

  • Next message: Greg A. Woods: "Re: SSH as root"

    Relevant Pages

    • Re: user privledges
      ... > redhat 7.2 i created a user account for myself to use on a daily basis. ... > fare i have just been su - and entering the root pass. ... it started but would not install because i did ... sofware to /opt/musicmatch as a normal user. ...
    • Re: Alerting - Malicious software removal tool
      ... >needed to install an application that she could not install from ... >"Administrator" account. ... You failed to analyze the root cause and correct it ... use their computers to have fun. ...
    • Re: hi all..
      ... And with sudo, I certainly wouldn't because they already have root. ... If you somehow had access to my account right now, ... install an effective key logger without root. ...
    • Re: cant login as root
      ... > The only reason they don't have a local account is they were too lazy to ... If you're root you create and maintain a user account. ... local root accounts are themselves a hazard. ...
    • Re: hi all..
      ... and someone gets access your shell account, ... Only root can install an su binary. ... Of course, if I have sudo ...