Subject: Re: [suse-security] /etc/sshd_config wize to change
From: Simon Lodal (simonlmirrormind.com)
Date: Mon Apr 10 2000 - 17:54:05 CDT


> the rationale behind this is that it should be possible to log on to a
> freshly installed machine in some way. Since the root account is the only
> one upon completion of the installation to have a valid password, the
> setting is "yes". If there should be any remote access after a fresh
> installation at all, then it is considered safest to use ssh.

> Please note that the settings include
> PermitEmptyPasswords no # in both openssh and ssh

> which means that the admin is protected against himself in terms of
> passwords related to remote logins. Anything more would be uncivilized.

> Please disable the option on your own if you feel uncomfortable with it. I
> bet that thousands of users would complain if this detail is changed.

What is confusing is the rc.config setting ROOT_LOGIN_REMOTE. It only
covers telnet, which no sane security-minded person would use anyway.
The comments do not indicate this, however, so one might think that
no remote login was possible at all when this is set to "no", very
unfortunate!

It would seem logical to let ROOT_LOGIN_REMOTE affect all kinds of
remote shells, if possible, or at least put a comment on it that it
only affects telnet.

Regards,

Simon Lodal
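
The mismatch described in the message above, as an added example that is not part of the original post: a shell check that reads ROOT_LOGIN_REMOTE from rc.config and PermitRootLogin from sshd_config and reports when the first says "no" while sshd still admits root. The function names, the shell-style assignment format assumed for rc.config, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: does ROOT_LOGIN_REMOTE=no in rc.config agree with sshd?

# Print the effective global value of an sshd_config keyword, lower-cased.
# sshd keeps the first value it reads, keywords are case-insensitive,
# "#" starts a comment, "Keyword=value" is accepted, and the global
# section ends at the first Match line. Prints "unset" if absent.
sshd_option() {  # usage: sshd_option KEYWORD FILE
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }
        NF >= 2 && tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Print the value of a NAME="value" assignment; the last one wins,
# as it would when the file is sourced. Prints nothing if absent.
rc_value() {  # usage: rc_value NAME FILE
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$2" |
        tail -n 1
}

# Compare the two settings and print a one-line verdict.
audit_root_login() {  # usage: audit_root_login SSHD_CONFIG RC_CONFIG
    ssh_root=$(sshd_option PermitRootLogin "$1")
    rc_root=$(rc_value ROOT_LOGIN_REMOTE "$2")
    case "$rc_root:$ssh_root" in
        no:no)    echo "OK: root refused by the telnet setting and by sshd" ;;
        no:unset) echo "CHECK: PermitRootLogin unset, sshd default applies" ;;
        no:*)     echo "MISMATCH: ROOT_LOGIN_REMOTE=no but PermitRootLogin=$ssh_root" ;;
        *)        echo "INFO: ROOT_LOGIN_REMOTE=${rc_root:-unset}, PermitRootLogin=$ssh_root" ;;
    esac
}

# Constructed sample files (not copied from a real SuSE installation).
demo=$(mktemp -d)
printf 'PermitRootLogin yes\nPermitEmptyPasswords no # in both openssh and ssh\n' \
    > "$demo/sshd_config"
printf '# constructed rc.config excerpt\nROOT_LOGIN_REMOTE="no"\n' \
    > "$demo/rc.config"
audit_root_login "$demo/sshd_config" "$demo/rc.config"
rm -rf "$demo"
```

On a real system, pass the paths of the installed sshd_config and rc.config to `audit_root_login`; keywords set inside Match blocks are not evaluated.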
