Re: SSH as root

From: Andy Walden (andy_at_tigerteam.net)
Date: 07/03/03

  • Next message: Greg A. Woods: "Re: SSH as root"
    Date: Thu, 3 Jul 2003 15:43:10 -0500 (CDT)
    To: Paul Bauer <paul@shorttermwhat.com>
    
    

    On Thu, 3 Jul 2003, Paul Bauer wrote:

    > I personally don't allow ssh as root but am now curious as to why this
    > is a bad practice. I had long believed it was a security risk and just
    > unnecessary and have been told this is FUD.

    As most things, it depends on your point of view and what your goals and
    requirements are. One argument is that it could remove accountability from
    a specific user, as can any role account. Another point is that by
    allowing root logins, a remote user could perform a brute force attack
    against your root account. By restricting remote root access, the idea
    is that you limit your root vulnerability to just local users.

    andy

    --
    PGP Key Available at http://www.tigerteam.net/andy/pgp
    

  • Next message: Greg A. Woods: "Re: SSH as root"