-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Don Russell wrote: >>Why? Just curious what made you believe it was disabled by default. >> > > Well.... just ignorance on my part.... but ftp doesn't allow me log > in as root, and I don't recall changing that setting. Call it "I > expected any form of remote access to be consistent in denying root > access". Of course they are different programs (ftp server/ssh > server)... and I always see messages that say "... ssh in, then su - > to root...." sort of implies that ssh to root directly won't work. > But again, abad assumption on my part. :-( It's not unreasonable to assume the default would be to disable it. I'm sure there have been debates on what the right default should be among the openssh developers. I didn't mean to pick on you by asking. ;-) > Now that it's pointed out to me, of course I see that. :-) Thank you. No problem. > One of these days I will learn how to do a case-insensitive search in > vim :-( > I did /root and of course it came up empty... so I figured there must > have been some other place... Add 'set ignorecase' to ~/.vimrc to make it ignore case by default. You can also do this while in vim by entering that (or the shorthand set ic) in command mode (:). To make case sensitive again, use set noic. You can do something similar with less so that you'll get case insensitive searches in man pages, which I've found quite helpful. The --ignore-case (or -i) option is what you want. You can either alias less to less -i or export LESS="-i" (adding any other options you want as well. >>You might also want to disable password based authentication and >>only allow a few explicit users. See PasswordAuthentication and >>AllowUsers in the sshd_config(5) man page. > > That's a good idea.... I'm the only one that needs remote access.... > and my logs are always showing people "knocking at the door" > sometimes hundreds a day. Yep, the same bastards knock on most of our doors too. :) Yet another helpful method for stopping a lot of that is to run ssh on a different port. > Thanks... now, if only it wouldn't bother asking for a password when > the userid is 'root'.. like ftp simply denies the request right > there. But, at least that little door is closed now. :-) It does on my system. I've set PasswordAuthentication no and AllowUsers myusername. Trying to ssh in as root gets me a quick permission denied message. - -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== If quitters never win, and winners never quit, then who is the fool who said "Quit while you're ahead?" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQFDBAEBAgAtBQJE1/f6JhhodHRwOi8vd3d3LnBvYm94LmNvbS9+dG16L3BncC90 bXouYXNjAAoJEEMlk4u+rwzjx1gIAIEplNhDZCCBoEUQRGTgJRDlmg5/Z81Xm90E t4nCniOiZ+jBFa8vpuvadlC6yLwG80Iiw1WcsMweSixyHU1YlTqth5iHX5SGfaRi qtT09lE8gkWB2SyYaYUmOi+rzVCdJ87OPITZcuTqLcUUdlqYJxeNh6uH8Q5qiLzk KvUnwVS6t/JAYviyzciIm94Vj6iPtEc/ntc3pg8oYtd3vpDJQOjuQ80sOqycMtsd Estz+nteUbHx33tFTGlBTfwq5a3CmUzNig4mGt4CTpBCKTTUxiz5kCM8DlxTWmgs 423ku3flHfkFQzIJLZdWPMk+crJxdy67IbLo29/g1JALmTl+XpM= =Bmbs -----END PGP SIGNATURE-----