Date: Fri, 5 Oct 2001 13:46:46 -0400
From: The Anarcat <anarcat@anarcat.dyndns.org>
To: Brandon Fosdick <bfoz@glue.umd.edu>
Cc: stable@FreeBSD.ORG
Subject: Re: Why sshd:PermitRootLogin = no ?
Message-ID: <20011005134645.A7287@shall.anarcat.dyndns.org>
In-Reply-To: <3BBDF0E9.20BA0F56@glue.umd.edu>
References: <19436.1002297239@axl.seasidesoftware.co.za> <20011005120139.D10847@pir.net> <3BBDF0E9.20BA0F56@glue.umd.edu>

You must be talking about a vulnerability which allows an attacker to
"guess" the *length* of a string being passed in an SSH connection. This
has been fixed, for what I know.

And IIRC, if you use UseLogin=yes, probably that it doesn't make a
difference whether you su or login root.

A.

On Fri Oct 05, 2001 at 01:42:01PM -0400, Brandon Fosdick wrote:
> Peter Radcliffe wrote:
> >
> > Sheldon Hearn <sheldonh@starjuice.net> probably said:
> > > Why is sshd's PermitRootLogin set to 'no' in the default installation of
> > > FreeBSD?
> >
> > Because it's sensible.
>
> Given the semi-recent articles on determining passwords from sniffed ssh packets
> which is least secure? Allowing remote root logins over ssh or su'ing to root?
> It's my understanding that the aforementioned sniffing method doesn't work on
> the initial ssh login, only on passwords typed after that (i.e. while su'ing).
>
> It seems to me that neither method is all that secure, so maybe the default
> should be based on convenience?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message