From owner-freebsd-questions Fri Nov 2 1: 0:37 2001 Delivered-To: freebsd-questions@freebsd.org Received: from atkielski.com (atkielski.com [161.58.232.69]) by hub.freebsd.org (Postfix) with ESMTP id A0DC237B405 for ; Fri, 2 Nov 2001 01:00:35 -0800 (PST) Received: from contactdish (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14]) by atkielski.com (8.11.6) id fA2908B66658; Fri, 2 Nov 2001 10:00:08 +0100 (CET) Message-ID: <00d801c1637c$d3264640$0a00000a@atkielski.com> From: "Anthony Atkielski" To: "Erik Trulsson" Cc: "Mike Meyer" , References: <15330.23714.263323.466739@guru.mired.org> <00b501c1637b$1cd2f880$0a00000a@atkielski.com> <20011102095554.A38169@student.uu.se> Subject: Re: Lockdown of FreeBSD machine directly on Net Date: Fri, 2 Nov 2001 10:00:28 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Erik writes: > You should not log in directly as root. What > you should do is login as a normal user and > then use 'su' to become root. Since everyone keeps telling me this, I guess this is what I'll do. However, I'd still like to know what has to be done to make SSH work for root logins. The "Sorry, you are not allowed to connect" message must be coming from somewhere, and it seems to be specific to root. I've restarted sshd (in fact, I've restarted the system), so it's not that. > This requires that the user you login as is > in the 'wheel' group. And if I add that user to wheel, does that open up any other holes? Doesn't wheel have a lot of permissions on a lot of files? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message