Todd Zullinger wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Don Russell wrote:
Why? Just curious what made you believe it was disabled by default.
Well.... just ignorance on my part.... but ftp doesn't allow me log
in as root, and I don't recall changing that setting. Call it "I
expected any form of remote access to be consistent in denying root
access". Of course they are different programs (ftp server/ssh
server)... and I always see messages that say "... ssh in, then su -
to root...." sort of implies that ssh to root directly won't work.
But again, abad assumption on my part. :-(
It's not unreasonable to assume the default would be to disable it.
I'm sure there have been debates on what the right default should be
among the openssh developers. I didn't mean to pick on you by asking.
;-)
No offense taken... I often ask "why did you think that" to people, not
as a criticism, but to see what they were thinking. Some times people
reach certain conclusions, but have really convoluted thinking/path to
get there. In my case, (above) I simply made a bad assumption, and
missed the (now) obvious correction.
One of these days I will learn how to do a case-insensitive search in
vim :-(
I did /root and of course it came up empty... so I figured there must
have been some other place...
Add 'set ignorecase' to ~/.vimrc to make it ignore case by default.
You can also do this while in vim by entering that (or the shorthand
set ic) in command mode (:). To make case sensitive again, use set
noic.
Thanks for that.... I like case insensitive searches by default.... it's
very rare that I match on exact case... and it's always easy to just
"nope, find next".
You can do something similar with less so that you'll get case
insensitive searches in man pages, which I've found quite helpful.
The --ignore-case (or -i) option is what you want. You can either
alias less to less -i or export LESS="-i" (adding any other options
you want as well.
That's a good idea too....
You might also want to disable password based authentication and
only allow a few explicit users. See PasswordAuthentication and
AllowUsers in the sshd_config(5) man page.
That's a good idea.... I'm the only one that needs remote access....
and my logs are always showing people "knocking at the door"
sometimes hundreds a day.
Yep, the same bastards knock on most of our doors too. :)
Yet another helpful method for stopping a lot of that is to run ssh on
a different port.
I'm not a big fan of that ... I like to use standard ports for things...
to me, changing port numbers is little more than leaving the door key
under the flower pot instead of under the mat. :-) Granted, there are
approx 65000 flowerpots to choose from. :-)
If a would-be hacker is put off so easily as a port number change, they
are probably harmless anyway. :-)
Thanks... now, if only it wouldn't bother asking for a password when
the userid is 'root'.. like ftp simply denies the request right
there. But, at least that little door is closed now. :-)
It does on my system. I've set PasswordAuthentication no and
AllowUsers myusername. Trying to ssh in as root gets me a quick
permission denied message.
I'll check that out.... thanks.