Fwd: secureshell Digest 2 Jun 2008 17:05:22 -0000 Issue 1092



Anytime you allow remote root access is bad. It leaves you open to
brute force password attacks and the like.

Best practice would be to only allow root login from 1 server using a
ssh key and/or login to the system via a non-root user and sudo to
root.

Brent

On Mon, Jun 2, 2008 at 11:05 AM,
<secureshell-digest-help@xxxxxxxxxxxxxxxxx> wrote:

secureshell Digest 2 Jun 2008 17:05:22 -0000 Issue 1092

Topics (messages 9892 through 9892):

Allowing remote root login seems to be bad. Why?
9892 by: Ron Arts

Administrivia:

To subscribe to the digest, e-mail:
<secureshell-digest-subscribe@xxxxxxxxxxxxxxxxx>

To unsubscribe from the digest, e-mail:
<secureshell-digest-unsubscribe@xxxxxxxxxxxxxxxxx>

To post to the list, e-mail:
<secureshell@xxxxxxxxxxxxxxxxx>


----------------------------------------------------------------------


---------- Forwarded message ----------
From: Ron Arts <ron@xxxxxxxxxxxxxx>
To: secureshell@xxxxxxxxxxxxxxxxx
Date: Mon, 02 Jun 2008 10:29:29 +0200
Subject: Allowing remote root login seems to be bad. Why?
Hi,

today I found that different Linux distributions have various
policies regarding allowing remote root access. For example,
The Redhat/Fedora crowd seems to enable this on default installs,
but the Debian/Ubuntu don't, they recommend sudo.

I googled around but could not find why fedora allows it, and the
debian people just seem to have one reason: 'allowing remote root
access is bad, everybody knows that'.

Suppose I ensure that root has a very strong password, then does
it really matter either way?

Thanks,
Ron