-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Don Russell wrote: > FC5 > openssh-4.3p2-4 > > I was surprised to find that I can log in as root via ssh from my > Windows machine to my FC5 box. Why? Just curious what made you believe it was disabled by default. > I've always used ssh to log in as a user then 'su -' .... > > I don't see anything in /etc/ssh/sshd_config to prevent that, or > enable it for that matter? Line 39 in the default /etc/ssh/sshd_config: #PermitRootLogin yes The comments at the top indicate that commented values should represent the defaults. > What do I need to change so root can't be logged in via ssh? Or is > it letting me because it recognizes a key? Uncomment the above line and change yes to no. You might also want to disable password based authentication and only allow a few explicit users. See PasswordAuthentication and AllowUsers in the sshd_config(5) man page. - -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== A good scapegoat is almost as good as a solution. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQFDBAEBAgAtBQJE1+GhJhhodHRwOi8vd3d3LnBvYm94LmNvbS9+dG16L3BncC90 bXouYXNjAAoJEEMlk4u+rwzjLMoIALtgqUiyeRysnApuSOZrCZi5kq5cyUdCuXBy 9Py8oNJgKAwywPb7neqgQ9ZE+5of7hz2P2xtqhxyMk1HzwNCcIZTCwz5Z0x/EG66 QXZ5fJtncBzdolMmcVhoJ7YmEueomRi/2BTvYzD9rXw/I/OqSz80ujSM3zaeDHCR nxZOS/IaF95v+WNoqdCs2ioO5hGai3xkiUCwp+1+qJGbw6rPe/at6oOAzeSMMoG2 ysqLFolOhAnWEJcrH8fIvGi6cenkpXzVSeqyJkWlJtZ540HInCiVwcx2CVtUv4dv H37dC3OamdTtqlUh2BIg8hhZ08jTX5ZLP0PIN8aatNhLM2THG7Y= =Fekq -----END PGP SIGNATURE-----