OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] /etc/sshd_config wize to change
From: Roman Drahtmueller (drahtuni-freiburg.de)
Date: Mon Apr 10 2000 - 11:27:34 CDT

>
> Dear all,
>
> I think there is a unsafe setting in the /etc/sshd_config file. The
> following setting is be done:
> PermitRootLogin yes. It think it would be best to change the yes to no.
> This is to make it more difficult for a hacker.
>
> Regards,
>
> Joop Boonen.
>
> Can this please also be changed in the rpm package?

Joop,

the rationale behind this is that it should be possible to log on to a
freshly installed machine in some way. Since the root account is the only
one upon completion of the installation to have a valid password, the
setting is "yes". If there should be any remote access after a fresh
installation at all, then it is considered safest to use ssh.

Please note that the settings include
PermitEmptyPasswords no # in both openssh and ssh

which means that the admin is protected against himself in terms of
passwords related to remote logins. Anything more would be uncivilized.

Please disable the option on your own if you feel uncomfortable with it. I
bet that thousands of users would complain if this detail is changed.

Regards,
Roman. 

-- 
 _                                                                   _
| Roman Drahtmüller               "Freedom means that you can choose  |
  CC University of Freiburg        what you want to learn at a given  
| email: drahtuni-freiburg.de     time."            A. Becker, 1999  |
 -                                                                   -
People often find it easier to be a result of the past than a cause of
the future.

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com