Date: Thu, 16 Sep 2004 13:50:32 -0400 From: Glenn Sieb <ges+lists@wingfoot.org> To: John DeStefano <john.destefano@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: increasing failed sshd logins/clearing breadcrumb trails Message-ID: <4149D268.6020305@wingfoot.org> In-Reply-To: <f2160e0d0409160740604b0a9f@mail.gmail.com> References: <f2160e0d0409160740604b0a9f@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
John DeStefano said the following on 9/16/2004 10:40 AM:
>>>The easiest way to protect this is to check your sshd_config and
>>>
>>>
>>set:
>>
>>
>>>PermitRootLogin no
>>>
>>>
>Interestingly, this option did not exist in my config file (I added
>it), but all other options were commented out. Is this the default?
>Is it wise to leave it this way?
>
>
Yes--it's in man sshd_config:
PermitRootLogin
Specifies whether root can login using ssh(1). The
argument must
be ``yes'', ``without-password'', ``forced-commands-only'' or
``no''. The default is ``no''. Note that if
ChallengeResponseAuthentication is ``yes'', the root user
may be
allowed in with its password even if PermitRootLogin is set to
``without-password''.
If this option is set to ``without-password'' password
authenti-
cation is disabled for root.
If this option is set to ``forced-commands-only'' root
login with
public key authentication will be allowed, but only if the
command option has been specified (which may be useful for
taking
remote backups even if root login is normally not allowed). All
other authentication methods are disabled for root.
If this option is set to ``no'' root is not allowed to login.
Best,
Glenn
--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.
~Benjamin Franklin, Historical Review of Pennsylvania, 1759
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4149D268.6020305>