Subject: Re: PermitRootLogin in SSHd (WAS: Re: Telnet logins)
To: Tim Preston <tim@flibble.org>
From: Brian A. Seklecki <lavalamp@burghcom.com>
List: port-i386
Date: 08/20/2001 20:14:02
On Mon, 20 Aug 2001, Tim Preston wrote:

> Brian Seklecki wibbled one day
>
> > Not to nitpick, but in a vacuum, you can ssh into a system as root, but
> > in production, you would probably never want to permit anyone to do that
> > (even/especially if you're using RSA/DSA key authentication).  The only
> > somewhat safe way I can see that implemented would be in combination
> > with hostname based ACLs.
>
> I've worked in a production environment where ssh as root via RSA
> key authentication was the main access into the boxes I was looking
> after (the only other access methods were for use when that one wasn't
> usable). Given the particulars of that environment I agree with the
> policy.
>


..that would provide no way to enforce accountability.

This is the same reason telnet ships with root login disabled.

What if you were to see in your logs:

"login 'root' succeeded from server21.whatever.com" ...and that correlated
in time with a catastrophic failure of a system service?  Do you want to
go digging through log files because people are cascade sshing from
machine to machine on your network?

No, either put regular users in group wheel and permit them to gain a root
shell when needed.

Most places implement 'sudo'.  You should never have a root shell
available.

Risk management, not avoidance.


--lava

>
> > In fact, I cast a vote for setting PermitRootLogin to FALSE in the
> > default sshd_config.
>
> Personally I don't think it's that clear cut, but we are only talking
> about a default shipping configuration here...
>
>
> --
> I'm back...
>
>

--Brian

 ----

"GNU/Linux: About as stable as the elements at the bottom of the periodic
table"
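An added example illustrating the accountability argument in this thread (not code from either poster): it checks which PermitRootLogin value an sshd_config fragment actually yields, and shows why a direct root login cannot be attributed to a person while a sudo entry can. The config text and syslog lines are constructed samples; the assumption that a missing directive means "yes" reflects the OpenSSH default of the time.

```python
import re

# Constructed sshd_config fragments: the weak setting and the corrected one.
WEAK_SSHD_CONFIG = "Port 22\nPermitRootLogin yes\nPasswordAuthentication no\n"
HARDENED_SSHD_CONFIG = "Port 22\nPermitRootLogin no\nPasswordAuthentication no\n"

def permit_root_login(config_text, default="yes"):
    """Return the effective PermitRootLogin value.
    sshd uses the first occurrence of a keyword; keywords are case-insensitive
    and '#' lines are comments. A missing directive falls back to `default`
    (assumed 'yes', the OpenSSH default when this thread was written)."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].strip().lower()
    return default

# Constructed syslog lines in the formats sshd and sudo really emit.
SAMPLE_LOG = [
    "Aug 20 20:14:02 srv sshd[1234]: Accepted publickey for root from 192.0.2.21 port 41022 ssh2",
    "Aug 20 20:15:10 srv sshd[1240]: Accepted publickey for tim from 192.0.2.21 port 41030 ssh2",
    "Aug 20 20:15:30 srv sudo:     tim : TTY=ttyp0 ; PWD=/home/tim ; USER=root ; COMMAND=/sbin/reboot",
]
SSHD_RE = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : .*USER=(\S+) ; COMMAND=(.*)")

def attribute_root_activity(lines):
    """Return (event, privileged_user, detail, accountable_person) tuples.
    A direct root login yields None for the person: the log names only a source
    host, which is exactly the gap the thread describes. A sudo line names the
    real account that obtained root, so it can be attributed."""
    events = []
    for line in lines:
        m = SSHD_RE.search(line)
        if m:
            _auth, user, host = m.groups()
            events.append(("ssh-login", user, host, None if user == "root" else user))
            continue
        m = SUDO_RE.search(line)
        if m:
            who, target, cmd = m.groups()
            events.append(("sudo", target, cmd.strip(), who))
    return events

def unattributable_root_events(lines):
    """Events where root was used but no human account can be named."""
    return [e for e in attribute_root_activity(lines) if e[1] == "root" and e[3] is None]
```

Running `unattributable_root_events(SAMPLE_LOG)` flags only the direct root ssh login; the sudo reboot is tied to user tim.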