From owner-freebsd-questions@FreeBSD.ORG  Fri Feb  4 00:54:03 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B641C16A4CE
	for <freebsd-questions@freebsd.org>;
	Fri,  4 Feb 2005 00:54:03 +0000 (GMT)
Received: from post-24.mail.nl.demon.net (post-24.mail.nl.demon.net
	[194.159.73.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E2AB443D1D
	for <freebsd-questions@freebsd.org>;
	Fri,  4 Feb 2005 00:54:02 +0000 (GMT)
	(envelope-from FreeBSD@amadeus.demon.nl)
Received: from amadeus.demon.nl ([82.161.18.200]:57968 helo=[10.0.1.1])
	by post-24.mail.nl.demon.net with esmtp (Exim 4.43)
	id 1CwrjW-000I4H-3C; Fri, 04 Feb 2005 00:54:02 +0000
In-Reply-To: <ef60af090502031604391fcbd6@mail.gmail.com>
References: <ef60af09050203143220daf9f9@mail.gmail.com>
	<4202B512.9080306@cis.strath.ac.uk>
	<ef60af09050203153670e8f27f@mail.gmail.com>
	<4202BC4E.4090809@cis.strath.ac.uk>
	<ef60af090502031604391fcbd6@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <bf55966e0db107001d1dd92afb1e62e2@amadeus.demon.nl>
Content-Transfer-Encoding: 7bit
From: FreeBSD questions mailing list <FreeBSD@amadeus.demon.nl>
Date: Thu, 3 Feb 2005 16:54:01 -0800
To: Gert Cuykens <gert.cuykens@gmail.com>
X-Mailer: Apple Mail (2.619.2)
cc: freebsd <freebsd-questions@freebsd.org>
Subject: Re: ssh default security risc
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Feb 2005 00:54:03 -0000

>>
>>>
>>> If they can hack the root they can defenatly hack a user account too.
>>> So i dont see any meaning of disabeling it.
>>
>> If they can hack root they own the system and can do what they like.  
>> By
>> disabling root you remove the option of this happening.  Instead they
>> have to try and compromise a user account.  Once they compromise the
>> user account, they then have to gain root access (assuming that is 
>> their
>> goal).  Why bother with the hassle.  There are plenty of machines out
>> there already with weak root passwords.  If a hacker really wants into
>> your system he will find a way.
>>
>> Chris
>
> True but the point is without the ssh root enabled there is nothing
> you can do about it to stop them if they change your user password
>
You really need to look at it from a different point of view...
If you want to prevent people from breaking into your car you lock the 
doors.
Don't say "If they break the locks and get in, I can't use my key 
anymore. So keep the doors unlocked", do you?
My point of view...
Arno