Date: Tue, 3 Jan 2017 14:18:52 +0000
From: Mike Clarke
To: freebsd-questions@freebsd.org
Subject: Re: how to allow user toor login through ssh

On Tue, 3 Jan 2017 19:15:54 +0800 Ben Woods wrote:

> The openssh daemon prevents login as root or toor (any user with UID 0) in
> the default configuration that ships with FreeBSD.
>
> This can be adjusted by setting the following in /etc/ssh/sshd_config:
> PermitRootLogin yes
>
> Note however, that it is not generally advisable to allow root or toor
> login via ssh, as this is a frequently attempted username for script
> kiddies and bots running random brute force attacks. Tread wisely.

If you intend to allow remote access for root via ssh then you're safer
to generate good secure ssh keys and then configure sshd to enforce
key-based authentication as the only login method by including the
following in /etc/sshd/sshd_config

PermitRootLogin without-password

--
Mike Clarke
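
Added example, not part of either poster's message: a small check that reports which of the PermitRootLogin settings discussed in this thread is actually in force. The function name, verdict strings and sample inputs are constructed for illustration; it reads sshd_config-style text on stdin and looks only at the global section, so Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: classify the global PermitRootLogin value.
# Input is sshd_config-style text on stdin, e.g. the file itself or the
# effective settings printed by `sshd -T` (run as root):
#     sshd -T | root_login_policy
#     root_login_policy < /etc/ssh/sshd_config
root_login_policy() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comment and blank lines
        { sub(/=/, " "); key = tolower($1) } # "Key=value" form; keywords are case-insensitive
        key == "match" { exit }              # stop at the first Match block (global section only)
        key == "permitrootlogin" {           # sshd uses the first value it reads
            val = tolower($2); exit
        }
        END {
            if (val == "")            print "unset"   # the sshd default applies
            else if (val == "yes")    print "password-allowed"
            else if (val == "without-password" || val == "prohibit-password")
                                      print "key-only" # prohibit-password is the newer name
            else if (val == "forced-commands-only")
                                      print "forced-commands-only"
            else if (val == "no")     print "denied"
            else                      print "unknown"
        }
    '
}

# Constructed sample inputs (not taken from the thread).
SAMPLE_WEAK='# constructed sample
PermitRootLogin yes'

# A later duplicate line does not override the first one.
SAMPLE_KEYONLY='permitrootlogin without-password
PermitRootLogin yes'

# A setting that appears only inside a Match block is not the global policy.
SAMPLE_MATCH='Port 22
Match Address 192.0.2.0/24
    PermitRootLogin yes'

for s in "$SAMPLE_WEAK" "$SAMPLE_KEYONLY" "$SAMPLE_MATCH"; do
    printf '%s\n' "$s" | root_login_policy
done
```

A verdict of "unset" means no global line was found, so any root login permitted by a Match block still has to be reviewed by hand.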