Subject: Re: sshd Change: PermitRootLogin = no
To: None <>
From: Brian Hechinger <>
List: tech-security
Date: 08/31/2001 18:46:29
> 	do you really want to change the DEFAULT behavior, or do you happy with
> 	changing sshd.conf locally?  i don't see your point.  if you believe
> 	secure shell protocol is secure enough, it should be okay to set
> 	PermitRootLogin to yes.  if there's any buffer overrun or other
> 	vulnerability, root privilege will get compromized anyways regardless
> 	from PermitRootLogin.  what kind of middle ground are you aiming for?

the middle ground of extreme caution.  you see, for me, it would mean that i
*don't* have to edit sshd.conf since i turn root login off on all my machines.

given a choice, i'll err in favor of caution every time.