From owner-freebsd-questions  Wed Mar 18 09:49:07 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA20231
          for freebsd-questions-outgoing; Wed, 18 Mar 1998 09:49:07 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from mph124.rh.psu.edu (mph@MPH124.rh.psu.edu [128.118.126.83])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA20225
          for <freebsd-questions@FreeBSD.ORG>; Wed, 18 Mar 1998 09:49:01 -0800 (PST)
          (envelope-from mph@mph124.rh.psu.edu)
Received: (from mph@localhost)
	by mph124.rh.psu.edu (8.8.8/8.8.8) id MAA10319;
	Wed, 18 Mar 1998 12:48:42 -0500 (EST)
	(envelope-from mph)
Message-ID: <19980318124840.13094@mph124.rh.psu.edu>
Date: Wed, 18 Mar 1998 12:48:40 -0500
From: Matthew Hunt <mph@pobox.com>
To: Mark Castillo <markc@Relationships.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: ssh and root logins. can you disable?
Mail-Followup-To: Mark Castillo <markc@Relationships.com>,
	freebsd-questions@FreeBSD.ORG
References: <199803181036.FAA24117@ Relationships.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89i
In-Reply-To: <199803181036.FAA24117@ Relationships.com>; from Mark Castillo on Wed, Mar 18, 1998 at 09:37:36AM -0800
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Mar 18, 1998 at 09:37:36AM -0800, Mark Castillo wrote:

> currently, my ssh installation allows root to login remotely.  Is this ok?
> Or is there a way do disable remote logins via ssh for root?

Well, I'm sure it's okay for some folks, and unacceptable to others.
At least ssh won't be sending the root password in cleartext over
the net, but you may still prefer that administrators have to "su"
to become root.

If you want to disable root logins, then add:

PermitRootLogin no

to /usr/local/etc/sshd_config, and restart sshd.  There may
already be a "PermitRootLogin yes" line, in which case you should
just change the "yes" to "no".

-- 
Matthew Hunt <mph@pobox.com> * Think locally, act globally.
http://mph124.rh.psu.edu/~mph/pgp.key for PGP public key 0x67203349.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message