Re: Openssh and permit_root_login

From: Sir Jackery (root_at_jackery.com)
Date: 02/08/05

  • Next message: Geoff King: "Re: Linux distro with ACL support "out of the box"?"
    Date: Tue, 8 Feb 2005 10:26:53 -0800
    
    

    On Mon, 7 Feb 2005 dale@edgehp.invalid wrote:

    >
    > --
    > Well, it's obvious when you see a parameter like "permit_root_login"
    > should be set to "no", so that you have to ssh in as an ordinary user
    > and then "su -" to get to root. Isn't it?
    >
    > The other day I began running rkhunter as well as chkrootkit, and it's
    > flagging my "permit_root_login = no" as a security advisory. Seemed
    > odd, so I started searching around, and found a couple of references
    > like this:
    > "Sorry, you have to edit the sshd config file (/etc/ssh/sshd_config).
    > Change PERMIT_ROOT_LOGIN to NO. Restart sshd and root login is permited."
    >
    > I also see that there were security advisories against OpenSSH, related
    > to the permit_root_login flag. Incidentally, I tried ssh to root, and
    > find that it does indeed ask for a password, but it never works. There
    > was some mention of information leakaga, and this would certainly be the
    > correct way to plug it. So all in all, this doesn't seem to make sense.
    > What gives?
    >
    > Thanks,
    > Dale Pontius
    >

    maybe your scanner is looking for a NO case sensitive, your config file is
    case-insensitive. Just a thought...

    jackery


  • Next message: Geoff King: "Re: Linux distro with ACL support "out of the box"?"