Subject: Re: sshd Change: PermitRootLogin = no
To: None <itojun@iijlab.net>
From: Brian Hechinger <wonko@arkham.ws>
List: tech-security
Date: 08/31/2001 18:46:29
> do you really want to change the DEFAULT behavior, or do you happy with
> changing sshd.conf locally? i don't see your point. if you believe
> secure shell protocol is secure enough, it should be okay to set
> PermitRootLogin to yes. if there's any buffer overrun or other
> vulnerability, root privilege will get compromized anyways regardless
> from PermitRootLogin. what kind of middle ground are you aiming for?
the middle ground of extreme caution. you see, for me, it would mean that i
*don't* have to edit sshd.conf since i turn root login off on all my machines.
given a choice, i'll err in favor of caution every time.
-brian