Re: Allowing remote root login seems to be bad. Why?



> Hi,
>
> today I found that different Linux distributions have various
> policies regarding allowing remote root access. For example,
> the Redhat/Fedora crowd seems to enable this on default installs,
> but the Debian/Ubuntu don't; they recommend sudo.

Yes, you can also throw the *BSDs into the mix and get really
confused. Everyone has an opinion on the issue.

> Suppose I ensure that root has a very strong password, then does
> it really matter either way?

One school of thought goes like this: Disabling root access
altogether makes it impossible for someone who somehow obtains the
password to break in - you don't even give the person a chance to hack
by brute force, you take it out of his hand entirely.

On the other hand, if you have for root password a 97-character string
with large and small letters, numbers, special symbols, etc., and want
to take your chances, then by all means enable root login. Or if you
don't care whether you get pwned or not.

SC
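An added example, not part of the original thread: a small audit of which of the two policies discussed above a host actually enforces. It assumes the remote login service is OpenSSH `sshd` and an upstream default of `prohibit-password` (distributions may ship a different one); the function names and the sample config are constructed for illustration.

```python
import re

# What each OpenSSH PermitRootLogin value means, most permissive first.
RISK = {
    "yes": "root may log in with a password (open to brute force)",
    "prohibit-password": "root may log in, but not with a password",
    "without-password": "deprecated alias of prohibit-password",
    "forced-commands-only": "root keys only, and only with a forced command",
    "no": "root cannot log in remotely",
}
DEFAULT = "prohibit-password"  # assumption: upstream OpenSSH 7.0+ default

def audit_root_login(config_text):
    """Return (global_value, [(match_criteria, value), ...]).

    sshd keeps the FIRST value it reads for a keyword, so a later duplicate
    line is silently ignored. Match blocks can override the global value
    for some connections. Include files are not followed here.
    """
    global_value, overrides = None, []
    match, seen_in_match = None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match, seen_in_match = arg, False
        elif key == "permitrootlogin" and arg:
            value = arg.split()[0].strip('"').lower()
            if match is None:
                global_value = global_value or value
            elif not seen_in_match:
                overrides.append((match, value))
                seen_in_match = True
    return global_value or DEFAULT, overrides

def allows_root_password(config_text):
    """True if any connection could reach a root password prompt."""
    value, overrides = audit_root_login(config_text)
    return value == "yes" or any(v == "yes" for _, v in overrides)

# Constructed sample: looks locked down, but a Match block reopens root login.
SAMPLE = "Port 22\nPermitRootLogin no\npermitrootlogin yes\n" \
         "Match Address 192.0.2.0/24\n    PermitRootLogin yes\n"

if __name__ == "__main__":
    value, overrides = audit_root_login(SAMPLE)
    print("global:", value, "-", RISK.get(value, "unknown value"))
    for criteria, v in overrides:
        print("Match", criteria, "->", v, "-", RISK.get(v, "unknown value"))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above only reads the text it is given.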


