|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [suse-security] /etc/sshd_config wize to change
From: Joop Boonen (jboonen
worldonline.nl)Date: Tue Apr 11 2000 - 00:55:44 CDT
- Next message: Ragnar Beer: "[suse-security] Invisible X?"
- Previous message: Roman Drahtmueller: "Re: [suse-security] /etc/sshd_config wize to change"
- In reply to: Simon Lodal: "Re: [suse-security] /etc/sshd_config wize to change"
- Reply: Joop Boonen: "Re: [suse-security] /etc/sshd_config wize to change"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear all,
Maybe it would be best that the no root log in will change the setting
for ssh and rsh to? Via yast that is, and SuSEconfig. I think that would
be a good move.
Regards,
Joop Boonen.
Simon Lodal wrote:
>
> > the rationale behind this is that it should be possible to log on to a
> > freshly installed machine in some way. Since the root account is the
> only
> > one upon completion of the installation to have a valid password, the
> > setting is "yes". If there should be any remote access after a fresh
> > installation at all, then it is considered safest to use ssh.
>
> > Please note that the settings include
> > PermitEmptyPasswords no # in both openssh and ssh
>
> > which means that the admin is protected against himself in terms of
> > passwords related to remote logins. Anything more would be
> uncivilized.
>
> > Please disable the option on your own if you feel uncomfortable with
> it. I
> > bet that thousands of users would complain if this detail is changed.
>
> What is confusing is the rc.config setting ROOT_LOGIN_REMOTE. It only
> covers telnet, which no sane security minded person would use anyway.
> The comments does not indicate this however, so one might think that
> no remote login was possible at all when this is set to "no", very
> ufortunate!
>
> It would seem logical to let ROOT_LOGIN_REMOTE affect all kinds of
> remote shells, if possible, or at least put a comment on it that it
> only affects telnet.
>
> Regards,
>
> Simon Lodal
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribesuse.com
> For additional commands, e-mail: suse-security-helpsuse.com
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
- Next message: Ragnar Beer: "[suse-security] Invisible X?"
- Previous message: Roman Drahtmueller: "Re: [suse-security] /etc/sshd_config wize to change"
- In reply to: Simon Lodal: "Re: [suse-security] /etc/sshd_config wize to change"
- Reply: Joop Boonen: "Re: [suse-security] /etc/sshd_config wize to change"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]