Date: Tue, 23 Nov 2004 00:07:28 -0500 From: Ivan Georgiev <georgiev@vt.edu> To: freebsd-questions@freebsd.org Subject: Re: NEW: cannot ssh to my computer Message-ID: <200411230007.28877.georgiev@vt.edu> In-Reply-To: <20041122234302.538594d0@localhost> References: <200411201921.27880.georgiev@vt.edu> <200411222237.19660.georgiev@vt.edu> <20041122234302.538594d0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I guess I have put this > > -:wheel:ALL EXCEPT LOCAL > > in /etc/login.access but had no recollection of doing it. After > > commenting it out the problem is gone. > > hello again ivan, > > fwiw, your 'problem' may actually be better than your 'solution'. with > all the script kiddies who are running ssh brute force attempts against > the root user account (check your logs), it is wise to use 'su' or > 'sudo' to elevate your priveleges on that box, rather than logging in > as root. > > naturally, you can harden ssh somewhat and even restrict logins by > ip addy in login.access, but if you're not doing that, i humbly suggest > that you think twice about enabling root ssh to your box. I have "AllowUsers ****" in /etc/ssh/sshd_config and root in not one of them. So, even though the members of the wheel group are allowed to ssh remotely, the root account is not compromised. Is that right? I tried, just to check, to ssh as root but cannot, the log says "User root not allowed because not listed in AllowUsers...". Let me know if I am wrong. Thanks again, Ivan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200411230007.28877.georgiev>