Re: Allowing remote root login seems to be bad. Why?



On Jun 2, 2008, at 8:35 AM, Mario Platt wrote:
> On Mon, Jun 2, 2008 at 9:29 AM, Ron Arts <ron@xxxxxxxxxxxxxx> wrote:
>> Hi,
>>
>> today I found that different Linux distributions have various
>> policies regarding allowing remote root access. For example,
>> the Redhat/Fedora crowd seems to enable this on default installs,
>> but the Debian/Ubuntu don't, they recommend sudo.
>>
>> I googled around but could not find why Fedora allows it, and the
>> Debian people just seem to have one reason: 'allowing remote root
>> access is bad, everybody knows that'.
>>
>> Suppose I ensure that root has a very strong password, then does
>> it really matter either way?
>
> Hey,
>
> Well, in my opinion, Debian guys are right, and for one reason only: Logging.

Access control with sudo is also many times more granular. "root" can do anything, but sudo can grant root-like permissions for certain activities to certain people. You might allow apache administration, the ability to add users, the ability to run "apt-get upgrade" etc. without giving someone access to replace system binaries, for example.

However, that's all an argument for using sudo instead of the root account overall.

The reason for disallowing remote root is that it raises the bar for compromising your machine. If someone were to gain access to your very strong root password somehow, then owning your machine is a simple login away. However, if remote root were disabled, that nefarious person would first have to break into a user account and then proceed to break the root account (via su/sudo or a local exploit).

Not only does this double the amount of work required, but it also gives you a window of opportunity to shut them down before they actually gain full access.

-b
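
Added example (not part of the original thread, and not code posted by anyone in it): a small audit of the setting the reply above argues for. It reads sshd_config text and reports every place where root can still log in directly, assuming OpenSSH's PermitRootLogin keyword, its first-value-wins parsing and Match blocks; the function names and the sample config are constructed for illustration, and Include files are not followed.

```python
import re

# Constructed sample sshd_config (not from the thread). Note the duplicate global line.
SAMPLE = """\
Port 22
permitrootlogin no
PermitRootLogin yes

Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
Match User backup
    PermitRootLogin no
"""

def audit_root_login(config_text):
    """Return (global_value, overrides): the first global PermitRootLogin value
    (None if unset) and the first value inside each Match block."""
    global_value, overrides = None, []
    criteria, block_done = None, False  # criteria stays None until the first Match line
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept "Keyword value" and "Keyword=value"; keywords are case-insensitive.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            criteria, block_done = value, False
        elif keyword == "permitrootlogin":
            if criteria is None:
                # sshd uses the first value it obtains for a keyword; later ones are ignored.
                if global_value is None:
                    global_value = value.lower()
            elif not block_done:
                overrides.append((criteria, value.lower()))
                block_done = True
    return global_value, overrides

def direct_root_paths(config_text):
    """List every setting that still lets root log in directly over SSH."""
    global_value, overrides = audit_root_login(config_text)
    paths = []
    if global_value is None:
        paths.append("global: PermitRootLogin unset, build default applies")
    elif global_value != "no":
        paths.append(f"global: PermitRootLogin {global_value}")
    paths += [f"Match {c}: PermitRootLogin {v}" for c, v in overrides if v != "no"]
    return paths
```

On a live host, `sshd -T` prints the effective settings and remains the authoritative check; this sketch only shows why a single "PermitRootLogin no" line is not the whole answer when Match blocks or duplicate lines are present.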