Subject: Re: Can't SSH into 1.6 as root
To: Dan <kasper37@netzero.com>
From: Bill Studenmund <wrstuden@netbsd.org>
List: port-macppc
Date: 10/01/2002 11:00:49

On Mon, 30 Sep 2002, Dan wrote:

> As of 1.6 (actually some time before 1.6 but I forget exactly when) root
> logins via ssh are not permitted. If you want to enable them you can add
> this line to your /etc/sshd.conf:
>
> PermitRootLogin         yes
>
> but it is NOT recommended. The reason this has been changed is because there
> is no reason you shouldn't be logging in as a regular user who's in the
> wheel group and then su'ing to root when needed.

The reason root login is bad is that there's much less accounting record
(you don't have the su logged).

There is however a good reason to permit root login (if you choose to;
make your own choice and go from there). Even though the characters you
type when entering the root password (to su) are encrypted, the time delay
between them is visible. There is an attack which uses that info to reduce
the difficulty of breaking the root password. From knowing how people
type, you can break the keyboard into zones, and get a feel for which
zones different keys are in. Then rather than scan the whole alphabet, you
can brute-force a reduced space.

Take care,

Bill
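
An added example, not part of the original message: a Python check that reports where an sshd configuration sets `PermitRootLogin yes`, applying the sshd_config rule that the first value obtained for a keyword wins. It goes beyond the thread by also reading `Match` blocks from later OpenSSH releases; the sample text is constructed and the function names are hypothetical.

```python
import re

# keyword, then whitespace or a single "=", then the argument(s)
LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")

# Constructed sample configuration, for illustration only.
SAMPLE = """\
# global section
Port 22
permitrootlogin no
# The next line is ignored: the first value obtained wins.
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin=yes
Match User backup
    PermitRootLogin forced-commands-only
"""

def root_login_settings(text):
    """Return (global_value, {match_criteria: value}) for PermitRootLogin.

    global_value is None when the directive is absent; sshd's built-in
    default then applies, and that default differs between releases.
    """
    global_value, overrides = None, {}
    match = None  # criteria of the Match block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.fullmatch(line)
        if not line or line.startswith("#") or not m:
            continue
        keyword, arg = m.group(1).lower(), m.group(2).strip()  # keywords ignore case
        if keyword == "match":
            match = arg
        elif keyword == "permitrootlogin":
            if match is not None:
                overrides.setdefault(match, arg)  # first value per block
            elif global_value is None:
                global_value = arg                # first global value
    return global_value, overrides

def permits_root_password_login(text):
    """List the scopes ('global' or 'Match ...') whose value is 'yes'."""
    global_value, overrides = root_login_settings(text)
    scopes = [("global", global_value)]
    scopes += [("Match " + crit, val) for crit, val in overrides.items()]
    return [scope for scope, value in scopes if value == "yes"]

if __name__ == "__main__":
    print(root_login_settings(SAMPLE))
    print(permits_root_password_login(SAMPLE))
```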