Re: connecting user root with ssh

2007-07-24 Thread Norberto Meijome
On Wed, 30 May 2007 02:06:38 -0700
[EMAIL PROTECTED] wrote:

> * If root cannot log in remotely, a cracker has to guess three

guess or brute force - so quite long random passwords (or ssh keys) are
extremely recommendable.

>   things to obtain root access, instead of just one:
>
>   + A valid username which is in the wheel group;
>   + That user's password;
>   + The root password.

that is assuming, of course, that the user you just logged in with belongs to
wheel.

_
{Beto|Norberto|Numard} Meijome

The only good bureaucrat is one with a pistol at his head.
Put it in his hand and it's goodbye to the Bill of Rights.
   H.L. Mencken

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: connecting user root with ssh

2007-07-24 Thread Pollywog
On Tuesday 24 July 2007 11:33:26 Norberto Meijome wrote:
> On Wed, 30 May 2007 02:06:38 -0700
>
> [EMAIL PROTECTED] wrote:
> > * If root cannot log in remotely, a cracker has to guess three
>
> guess or brute force - so quite long random passwords (or ssh keys) are
> extremely recommendable.
>
> >   things to obtain root access, instead of just one:
> >
> >   + A valid username which is in the wheel group;
> >   + That user's password;
> >   + The root password.
>
> that is assuming, of course, that the user you just logged in with belongs
> to wheel.

If one must allow root logins via ssh, I recommend in sshd_config:

PermitRootLogin without-password

This will force the use of a passphrase and disallow root login with just a 
password.


Re: connecting user root with ssh

2007-07-24 Thread Hakan K

How can I change the ssh port?



Thanks
Troy
http://dominor.com

On 7/24/07, Pollywog [EMAIL PROTECTED] wrote:


> On Tuesday 24 July 2007 11:33:26 Norberto Meijome wrote:
> > On Wed, 30 May 2007 02:06:38 -0700
> >
> > [EMAIL PROTECTED] wrote:
> > > * If root cannot log in remotely, a cracker has to guess three
> >
> > guess or brute force - so quite long random passwords (or ssh keys) are
> > extremely recommendable.
> >
> > >   things to obtain root access, instead of just one:
> > >
> > >   + A valid username which is in the wheel group;
> > >   + That user's password;
> > >   + The root password.
> >
> > that is assuming, of course, that the user you just logged in with
> > belongs to wheel.
>
> If one must allow root logins via ssh, I recommend in sshd_config:
>
> PermitRootLogin without-password
>
> This will force the use of a passphrase and disallow root login with just
> a password.


Re: connecting user root with ssh

2007-07-24 Thread John Fitzgerald

In /etc/ssh/sshd_config uncomment Port 22 and change it.

On 7/24/07, Hakan K [EMAIL PROTECTED] wrote:

> How can I change the ssh port?
>
> Thanks
> Troy
> http://dominor.com
>
> On 7/24/07, Pollywog [EMAIL PROTECTED] wrote:
>
> > On Tuesday 24 July 2007 11:33:26 Norberto Meijome wrote:
> > > On Wed, 30 May 2007 02:06:38 -0700
> > >
> > > [EMAIL PROTECTED] wrote:
> > > > * If root cannot log in remotely, a cracker has to guess three
> > >
> > > guess or brute force - so quite long random passwords (or ssh keys) are
> > > extremely recommendable.
> > >
> > > >   things to obtain root access, instead of just one:
> > > >
> > > >   + A valid username which is in the wheel group;
> > > >   + That user's password;
> > > >   + The root password.
> > >
> > > that is assuming, of course, that the user you just logged in with
> > > belongs to wheel.
> >
> > If one must allow root logins via ssh, I recommend in sshd_config:
> >
> > PermitRootLogin without-password
> >
> > This will force the use of a passphrase and disallow root login with just
> > a password.
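The two sshd_config settings from the messages above (PermitRootLogin and Port), read back with a small script. This is an added example, not part of the thread: the function names and the sample file are constructed, and the fallback of `no` for PermitRootLogin follows the thread's statement that root login is disabled by default. `without-password` turns off password authentication for root while leaving key-based login available; later OpenSSH releases accept the same setting as `prohibit-password`.

```shell
#!/bin/sh
# Added example: report the global Port and PermitRootLogin settings of an
# sshd_config-style file. The sample file below is constructed.

# values FILE KEYWORD: every value of KEYWORD before the first Match block.
# Keywords are case-insensitive; '#' lines are comments. Only the plain
# "Keyword value" form is handled here.
values() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# first_value FILE KEYWORD DEFAULT: sshd uses the first value it reads.
first_value() { v=$(values "$1" "$2" | head -n 1); echo "${v:-$3}"; }

# listen_ports FILE: Port may appear several times; the default is 22.
listen_ports() { p=$(values "$1" Port | paste -s -d, -); echo "${p:-22}"; }

# root_login_policy VALUE: what a PermitRootLogin value allows for root.
root_login_policy() {
    case "$1" in
        yes) echo "password-or-key" ;;
        without-password|prohibit-password) echo "no-password-auth" ;;
        forced-commands-only) echo "key-with-forced-command" ;;
        no) echo "denied" ;;
        *) echo "unknown" ;;
    esac
}

write_sample() {  # constructed sshd_config fragment
    cat > "$1" <<'EOF'
#Port 22
Port 2222
#PermitRootLogin no
permitrootlogin without-password
PermitRootLogin yes
Match User backup
    PermitRootLogin forced-commands-only
EOF
}

cfg=$(mktemp /tmp/sshd_config.XXXXXX)
write_sample "$cfg"
root=$(first_value "$cfg" PermitRootLogin no)  # "no": default per the thread
echo "Port(s): $(listen_ports "$cfg")"
echo "PermitRootLogin: $root ($(root_login_policy "$root"))"
rm -f "$cfg"
```

On a live host, `sshd -T` prints the configuration sshd would actually use, and sshd has to be restarted or reloaded before an edited Port or PermitRootLogin takes effect.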


Re: connecting user root with ssh

2007-05-30 Thread perryh
> > you are warned, do not allow SSH to your box with user root at all.
> ...
> Having root logon enabled remotely is just asking for trouble.

The O.P. might be interested in knowing *why* allowing remote root
login is considered unwise:

* The name root is very well known.

* If root can log in remotely, a cracker need only guess root's
  password to obtain root access.

* If root cannot log in remotely, a cracker has to guess three
  things to obtain root access, instead of just one:

  + A valid username which is in the wheel group;
  + That user's password;
  + The root password.

This at least doubles the difficulty of a brute-force attack:
even if a suitable username were obvious, there would still be
two passwords to be cracked.  It can be made even tougher by
having only one username (other than root) in the wheel group,
choosing that name as if it were a password, and not allowing
it to be externally known (e.g. never using it for mail).


connecting user root with ssh

2007-05-29 Thread DSA - JCR
Hi all

I was trying to connect to my FreeBSD 6.2 box with SSH with PUTTY for
several days with the user root and nothing happens, only a denied
password from FBSD, and a timeout close connection.

But, a flash came to my mind ;D and then I tried to connect by a different
user and... voila, ssh connections came alive !!..

My question is: if root user is locked to connect by ssh (I think it may be
logical, but..)

If it is so, how can I make a user that has the same privileges as root (I
beg your pardon for this newbie question...) I think that wheel group is
ok but what more?..

The thing is that I need to connect to my FBSD box from outside the office
in a secure manner and control it,... well, surely you know this ;D


Thanks in advance

The more I learn FreeBSD, the more I love it

Juan Coruña
Desarrollo de Software Atlantico






Re: connecting user root with ssh

2007-05-29 Thread Abdullah Ibn Hamad Al-Marri

On 5/29/07, DSA - JCR [EMAIL PROTECTED] wrote:

> Hi all
>
> I was trying to connect to my FreeBSD 6.2 box with SSH with PUTTY for
> several days with the user root and nothing happens, only a denied
> password from FBSD, and a timeout close connection.
>
> But, a flash came to my mind ;D and then I tried to connect by a different
> user and... voila, ssh connections came alive !!..
>
> My question is: if root user is locked to connect by ssh (I think it may be
> logical, but..)
>
> If it is so, how can I make a user that has the same privileges as root (I
> beg your pardon for this newbie question...) I think that wheel group is
> ok but what more?..
>
> The thing is that I need to connect to my FBSD box from outside the office
> in a secure manner and control it,... well, surely you know this ;D
>
> Thanks in advance
>
> The more I learn FreeBSD, the more I love it
>
> Juan Coruña
> Desarrollo de Software Atlantico


Hello,

You can create a user and add the user into the wheel in /etc/group

It's not recommended to ssh to the box using root, use su after you
log to the shell.

If you insist on ssh as root which is disabled by default in
sshd_config, you can uncomment it, you are warned, do not allow SSH to
your box with user root at all.

--
Regards,

-Abdullah Ibn Hamad Al-Marri
Arab Portal
http://www.WeArab.Net/

Re: connecting user root with ssh

2007-05-29 Thread Thanos Rizoulis

Abdullah Ibn Hamad Al-Marri wrote:

> Hello,
>
> You can create a user and add the user into the wheel in /etc/group
>
> It's not recommended to ssh to the box using root, use su after you
> log to the shell.
>
> If you insist on ssh as root which is disabled by default in
> sshd_config, you can uncomment it, you are warned, do not allow SSH to
> your box with user root at all.

...and along the way you will want to install denyhosts or key
authentication...

Having root logon enabled remotely is just asking for trouble.

--
RTFM and STFW before anything bad happens
_
Thanos Rizoulis
Electronic Computing Systems Engineer
Larissa, Greece
FreeBSD/PCBSD user


Re: connecting user root with ssh

2007-05-29 Thread Jerry McAllister
On Tue, May 29, 2007 at 08:39:06AM -, DSA - JCR wrote:

> Hi all
>
> I was trying to connect to my FreeBSD 6.2 box with SSH with PUTTY for
> several days with the user root and nothing happens, only a denied
> password from FBSD, and a timeout close connection.
>
> But, a flash came to my mind ;D and then I tried to connect by a different
> user and... voila, ssh connections came alive !!..
>
> My question is: if root user is locked to connect by ssh (I think it may be
> logical, but..)

That is the default and best practice.

> If it is so, how can I make a user that has the same privileges as root (I
> beg your pardon for this newbie question...) I think that wheel group is
> ok but what more?..

If you include your id in the wheel group (add it to the wheel line
in the /etc/group file), then you can log in with that id.  Once you
have logged in, then you can 'su' to root if you know the root password.

> The thing is that I need to connect to my FBSD box from outside the office
> in a secure manner and control it,... well, surely you know this ;D

Yes, use ssh to first get logged in.  Then use su to go to root.
It is more secure that way.

Alternatively, you can use sudo to create a set of things you can
do from your non-root account without logging in as root.   That is
probably even safer.   sudo is in ports.

jerry

> Thanks in advance
>
> The more I learn FreeBSD, the more I love it
>
> Juan Coruña
> Desarrollo de Software Atlantico
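The replies above route root access through membership of the wheel group, and one of them suggests keeping a single non-root name in it. The script below is an added example, not part of the thread, that lists who is actually in wheel; the function names, account names and file contents are constructed, and it also counts accounts whose primary group is wheel, which the wheel line in /etc/group does not show.

```shell
#!/bin/sh
# Added example: list every account in the wheel group. The file contents
# below are constructed samples in group(5) and passwd(5) format.

# wheel_users GROUP_FILE PASSWD_FILE
# Prints the names on the wheel line's member list plus the accounts whose
# primary gid equals wheel's gid (members that the wheel line does not list).
wheel_users() {
    awk -F: '
        BEGIN { gid = "-" }
        FNR == NR {
            if ($1 == "wheel") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        $4 == gid { print $1 }
    ' "$1" "$2" | sort -u
}

# count_non_root GROUP_FILE PASSWD_FILE: number of wheel accounts besides root
count_non_root() {
    wheel_users "$1" "$2" | awk '$0 != "root" { n++ } END { print n + 0 }'
}

# write_samples DIR: constructed group and passwd files
write_samples() {
    cat > "$1/group" <<'EOF'
wheel:*:0:root,k7vq-admin
operator:*:5:root
staff:*:20:juan
EOF
    cat > "$1/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
backup:*:1003:0:Backup job:/nonexistent:/usr/sbin/nologin
k7vq-admin:*:1001:1001:Admin:/home/k7vq-admin:/bin/sh
juan:*:1002:20:Juan:/home/juan:/bin/sh
EOF
}

dir=$(mktemp -d /tmp/wheel.XXXXXX)
write_samples "$dir"
wheel_users "$dir/group" "$dir/passwd"
echo "non-root wheel accounts: $(count_non_root "$dir/group" "$dir/passwd")"
rm -rf "$dir"
```

In the sample, `backup` is reported even though it is absent from the wheel line, because its primary gid is 0.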