PermitRootLogin (was: Re: Tightening SSH access)

From: Carlos Moreno
Date: 07/09/05

    Date: Sat, 09 Jul 2005 11:50:19 -0400

    I just tried configuring one of the servers to disallow root login.

    One problem/weakness I noticed is that even though the login is
    ultimately refused, typing the correct password and typing an
    incorrect password produce different behaviours.

    This is indeed a weakness, I believe, as it discloses the fact that
    you got the correct password (I know that guessing the root password
    should be extremely unlikely, but these are the odds that they're
    playing when brute-forcely attempting to log in as root, right?)

    IMHO, if the server must wait until the time to refuse login, then
    it should refuse it in the exact same way. A better solution, of
    course, would be that as soon as root is entered as user name, it
    should immediately close the connection (without even saying
    goodbye). This could be done for the special case of root (but
    perhaps not for the other users, as that would allow attackers to
    know when they got a correct username).

    Comments? (time to write to the OpenSSH guys with this feature
    request? Or has this been addressed in the past?)

    Thanks! And thanks to all that have replied so far!
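
An added illustration of the point raised in this message, not part of the original post and not OpenSSH code: a toy login check in which the policy refusal is either a separate reply reached only after a correct password, or folded into the same failure path. The account table, passwords, reply strings and function names are all constructed for the example.

```python
import hashlib
import hmac
import os

SALT = b"constructed-salt"  # constructed sample value


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


# Constructed account table: name -> (password hash, login permitted by policy?)
ACCOUNTS = {
    "root": (_hash("r00t-secret"), False),   # root login disallowed
    "alice": (_hash("alice-pw"), True),
}
# Random value no password hashes to; used so unknown users cost the same work.
DUMMY = os.urandom(32)

DENIED = "denied: try again"


def naive_login(user: str, password: str) -> str:
    """Leaky: the policy check has its own reply, reachable only with the right password."""
    stored, permitted = ACCOUNTS.get(user, (DUMMY, False))
    if not hmac.compare_digest(_hash(password), stored):
        return DENIED
    if not permitted:
        return "connection closed"  # differs from DENIED, so it confirms the password
    return "ok"


def uniform_login(user: str, password: str) -> str:
    """Hardened: always verify the password, then AND the result with policy."""
    stored, permitted = ACCOUNTS.get(user, (DUMMY, False))
    matched = hmac.compare_digest(_hash(password), stored)
    return "ok" if (matched and permitted) else DENIED


def leaks_password_validity(login, user: str, good: str, bad: str) -> bool:
    """True if the reply lets a client tell a correct password from a wrong one."""
    return login(user, good) != login(user, bad)


if __name__ == "__main__":
    for fn in (naive_login, uniform_login):
        print(fn.__name__, "leaks:",
              leaks_password_validity(fn, "root", "r00t-secret", "wrong"))
```

The same comparison can be run as a regression check against any login path where a disabled account must be indistinguishable from a wrong password.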


