Re: able to login as root via ssh :-(

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Don Russell wrote:
>>Why?  Just curious what made you believe it was disabled by default.
>>  
> 
> Well.... just ignorance on my part.... but ftp doesn't allow me log
> in as root, and I don't recall changing that setting. Call it "I
> expected any form of remote access to be consistent in denying root
> access". Of course they are different programs (ftp server/ssh
> server)... and I always see messages that say "... ssh in, then su -
> to root...." sort of implies that ssh to root directly won't work.
> But again, abad assumption on my part. :-(

It's not unreasonable to assume the default would be to disable it.
I'm sure there have been debates on what the right default should be
among the openssh developers.  I didn't mean to pick on you by asking.
;-)

> Now that it's pointed out to me, of course I see that. :-) Thank you.

No problem.

> One of these days I will learn how to do a case-insensitive search in 
> vim :-(
> I did /root and of course it came up empty... so I figured there must 
> have been some other place...

Add 'set ignorecase' to ~/.vimrc to make it ignore case by default.
You can also do this while in vim by entering that (or the shorthand
set ic) in command mode (:).  To make case sensitive again, use set
noic.

You can do something similar with less so that you'll get case
insensitive searches in man pages, which I've found quite helpful.
The --ignore-case (or -i) option is what you want.  You can either
alias less to less -i or export LESS="-i" (adding any other options
you want as well.

>>You might also want to disable password based authentication and
>>only allow a few explicit users.  See PasswordAuthentication and
>>AllowUsers in the sshd_config(5) man page.
> 
> That's a good idea.... I'm the only one that needs remote access....
> and my logs are always showing people "knocking at the door"
> sometimes hundreds a day.

Yep, the same bastards knock on most of our doors too. :)

Yet another helpful method for stopping a lot of that is to run ssh on
a different port.

> Thanks... now, if only it wouldn't bother asking for a password when
> the userid is 'root'.. like ftp simply denies the request right
> there. But, at least that little door is closed now. :-)

It does on my system.  I've set PasswordAuthentication no and
AllowUsers myusername.  Trying to ssh in as root gets me a quick
permission denied message.

- -- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
If quitters never win, and winners never quit, then who is the fool
who said "Quit while you're ahead?"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQFDBAEBAgAtBQJE1/f6JhhodHRwOi8vd3d3LnBvYm94LmNvbS9+dG16L3BncC90
bXouYXNjAAoJEEMlk4u+rwzjx1gIAIEplNhDZCCBoEUQRGTgJRDlmg5/Z81Xm90E
t4nCniOiZ+jBFa8vpuvadlC6yLwG80Iiw1WcsMweSixyHU1YlTqth5iHX5SGfaRi
qtT09lE8gkWB2SyYaYUmOi+rzVCdJ87OPITZcuTqLcUUdlqYJxeNh6uH8Q5qiLzk
KvUnwVS6t/JAYviyzciIm94Vj6iPtEc/ntc3pg8oYtd3vpDJQOjuQ80sOqycMtsd
Estz+nteUbHx33tFTGlBTfwq5a3CmUzNig4mGt4CTpBCKTTUxiz5kCM8DlxTWmgs
423ku3flHfkFQzIJLZdWPMk+crJxdy67IbLo29/g1JALmTl+XpM=
=Bmbs
-----END PGP SIGNATURE-----


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux