On Wed, Aug 25, 2004 at 12:42:18PM -0700, larry price wrote: > On Wed, 25 Aug 2004 12:23:53 -0700 (PDT), Jason <[EMAIL PROTECTED]> wrote: > > Unfortunately, the default for openssh is yes for > > PermitRootLogin. My experience is that most folks > > don't perform a lot of sshd configuration - if it > > works out of the box, they go with it. > > > > hmm default on FreeBSD is no > but on OSX it's yes > > don't have a debian or gentoo box handy to check > it's in /etc/sshd_config or /etc/ssh/sshd_config > depending > > permitting remote root logins over ssh seems like a bad default > although the usual solution I've seen (multiple admins and > unrestricted sudo access, i.e. shared root) is no better, and in fact > may be worse in that there are multiple tokens which could be > compromised to gain all privs.
PermitRootLogin is on by default so that freshly installed machines can be accessed and configured ... datacenter does default install (which only takes a few minutes with a sane OS), datacenter gives client root password. -- <[EMAIL PROTECTED]> _______________________________________________ EUGLUG mailing list [EMAIL PROTECTED] http://www.euglug.org/mailman/listinfo/euglug