On Mon 27 Jan 2014 at 20:24:42 -0800, Jon Danniken wrote:

> I recently came across a posting by an individual who got his
> Debian machine compromised due to a number of security problems, one of
> which was the default installation and running of sshd with
> "PermitRootLogin = Yes" in /etc/ssh/sshd_config.

These types of posts are not unusual; what they all generally have in
common is a lack of detail and any evidence that "PermitRootLogin = Yes"
in itself is the cause. Having introduced a FUD factor it is now easier
to promote alternatives without having to justify them.

> So I checked the Debian installation that I put on my laptop a month ago
> (from the Wheezy net install CD), and sure enough I had the same
> vulnerability

"PermitRootLogin = Yes" is upstream's (and Debian's) default setting; it
is not an insecure one. You could introduce an insecurity by using
"password1" as the root password.

> (I fixed it by changing the "PermitRootLogin" value).

If you have a strong password for the root login you wouldn't have fixed
anything.
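
Added example, not part of the original message: one way to see what an sshd_config file actually sets for PermitRootLogin and PasswordAuthentication, given that sshd uses the first value it obtains for a keyword and that Match blocks can override it per connection. The sample file and the function name are constructed for illustration; Include directives are not followed, and on a live host `sshd -T` reports the values the daemon would really use.

```python
import re

# Constructed sample sshd_config text (not taken from any real host).
SAMPLE = """\
# Authentication:
#PermitRootLogin no
PermitRootLogin = Yes
PasswordAuthentication yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin without-password
"""

# "Keyword value" or "Keyword = value"; leading whitespace already stripped.
LINE_RE = re.compile(r"([A-Za-z0-9]+)\s*=?\s*(.*)$")


def parse_sshd_config(text, keywords=("PermitRootLogin", "PasswordAuthentication")):
    """Return (global_values, match_overrides) for the chosen keywords.

    global_values:   keyword -> first value set before any Match line,
                     or None when the file leaves it to the built-in default.
    match_overrides: list of (match criteria, keyword, value) tuples.
    Keywords and values are lower-cased here so they compare uniformly.
    """
    wanted = {k.lower(): k for k in keywords}
    global_values = {k: None for k in keywords}
    match_overrides = []
    criteria = None  # None while still in the global section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out settings have no effect
        m = LINE_RE.match(line)
        if not m or not m.group(2):
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            criteria = value  # everything after this line is conditional
        elif key in wanted:
            name = wanted[key]
            if criteria is not None:
                match_overrides.append((criteria, name, value.lower()))
            elif global_values[name] is None:
                # First occurrence wins; later duplicates are ignored.
                global_values[name] = value.lower()
    return global_values, match_overrides


if __name__ == "__main__":
    print(parse_sshd_config(SAMPLE))
```

On the sample, the later `PermitRootLogin no` line has no effect because the earlier `PermitRootLogin = Yes` was read first.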

