Re: PermitRootLogin=yes versus su
From: Cameron Laird (claird@lairds.com)
Date: 01/31/03
From: claird@lairds.com (Cameron Laird) Date: Fri, 31 Jan 2003 14:43:42 -0000
In article <3nvng-p4p.ln1@news.lairds.org>,
Kyler Laird <Kyler@news.Lairds.org> wrote:
.
.
.
>There are ways to mix the two approaches.
>
>PermitRootLogin is not tied to "root". It controls login by
>anyone with UID 0. You could easily make a "secretroot" account
>for use when logging in remotely. Leaving the "root" account
>around might be necessary for local use (like when a disk goes
>bad) though.
.
.
.
Oh, yes. I had a period when part of my hardening routine
was to change the name of root to 'serf' or 'lowlife' or
something equally impotent-looking. You're right--it would
have been, and is, wiser to add the undercover account as a
second UID 0, while retaining 'root'.
--
Cameron Laird <Cameron@Lairds.com>
Business: http://www.Phaseit.net
Personal: http://phaseit.net/claird/home.html
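
An added example, not part of the original message: because PermitRootLogin is described above as applying to any UID 0 account, an audit should enumerate every UID 0 entry rather than look only for the name "root". The sample passwd and sshd_config text, the account name `svc0`, and both function names are constructed for illustration, and only the global section of sshd_config (before any Match block) is read.

```python
# Added example: which accounts does PermitRootLogin govern, and how is it set?
NON_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}

# Constructed sample data (not taken from any real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
secretroot:x:0:0:remote admin:/root:/bin/sh
svc0:x:0:0:service:/var/empty:/sbin/nologin
broken-line-without-fields
"""
SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin=yes
PermitRootLogin no
"""

def uid0_accounts(passwd_text):
    """Return (name, shell, can_login) for every passwd entry whose UID is 0."""
    found = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry; a fuller audit would report it
        name, uid, shell = fields[0], fields[2], fields[6]
        if uid.isdigit() and int(uid) == 0:
            # An empty shell field means the system default shell, so it can log in.
            found.append((name, shell, shell not in NON_LOGIN_SHELLS))
    return found

def permit_root_login(config_text, default="unset"):
    """Return the global PermitRootLogin value; the first occurrence wins."""
    for line in config_text.splitlines():
        # sshd_config accepts both "Keyword value" and "Keyword=value".
        parts = line.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        if parts[0].lower() == "match":
            break  # stop at the first conditional block
        if parts[0].lower() == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return default

if __name__ == "__main__":
    print("PermitRootLogin:", permit_root_login(SAMPLE_SSHD_CONFIG))
    for name, shell, can_login in uid0_accounts(SAMPLE_PASSWD):
        print(f"UID 0: {name:12} shell={shell or '(default)'} login_shell={can_login}")
```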