Re: Allowing remote root login seems to be bad. Why? (SUMMARY)



Ron Arts wrote:
Okay,

the general feeling seems to be that you should disable
remote root login, for the following reasons:

1. Why take the chance that someone cracks the root account.
2. You want to keep logs on who is logging in to your box.

Though from the answers I may induce that it may be
secure if:

- you choose a strong root password
- there are no other users on the box
- constrain logins to certain ip addresses.

I think if you allow users on the box, you run a much
larger risk anyway not? Hacking root from a local
account is much easier than hacking root remotely.

I did not see defenders of the default redhat/fedora setup.

But your answers still convinced me that though there
are valid reasons to use local user accounts together with sudo,
they do not necessarily apply to the setups I use.

Thanks,
Ron

I am a little surprised people have not been talking about ssh-key-only logins (but then I didn't bother mentioning it until now either... ;-) )

If you disallow passwords then most of the arguments about remote root passwords etc go out the window, but you may still have to concern yourself about remote root exploits, but then you do patch your servers at least daily don't you?

I would not personally never allow remote root password logins. On multi-admin systems then user login + sudo is a must from the auditing perspective, otherwise you're relying on source address to identify people which is weak.

On the pw guessing note, you should be automatically blocking any address that even tries these sorts of things, I wouldn't stick an ssh server out there on any port without at least that much (+being fully patched and having automated patch alerting and fast upgrades).

-h

--
Hari Sekhon