Date: Wed, 04 Jan 2017 09:18:32 +0800
From: Ernie Luzar <luzar722@gmail.com>
To: Maciej Suszko <maciej@suszko.eu>
Cc: Ben Woods <woodsb02@gmail.com>, Polytropon <freebsd@edvax.de>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: how to allow user toor login through ssh
Message-ID: <586C4D68.6000000@gmail.com>
In-Reply-To: <20170103141838.4ada403b@helium>
References: <5869ADFB.6080000@gmail.com> <20170102024359.aa82ae3e.freebsd@edvax.de> <5869F77D.5050106@gmail.com> <20170102172615.516dc912.freebsd@edvax.de> <CAOc73CCc_Yj_qAw2riDft=KdeNoKmHgOQOkeTLdse2pom_35FQ@mail.gmail.com> <20170103141838.4ada403b@helium>
Maciej Suszko wrote:
> On Tue, 3 Jan 2017 19:15:54 +0800
> Ben Woods <woodsb02@gmail.com> wrote:
>
>> The openssh daemon prevents login as root or toor (any user with UID
>> 0) in the default configuration that ships with FreeBSD.
>>
>> This can be adjusted by setting the following in /etc/ssh/sshd_config:
>> PermitRootLogin yes
>>
>> Note however, that it is not generally advisable to allow root or toor
>> login via ssh, as this is a frequently attempted username for script
>> kiddies and bots running random brute force attacks. Tread wisely.
>>
>> Regards,
>> Ben
>
> However it's quite simple to restrict root login using Match block, for
> example ;-) ... just leave 'no' globally.
>
> Match Address 10.0.0.0/27
> PermitRootLogin yes

I like this solution. On my host I have changed ssh to use a high value port number back when I was on BSD REL 3.0 and have never had any failed login attacks of any kind. As the host administrator I am the only one using ssh on this 11.0 host. Using the IP address of my vacation home is just an added piece of security. Thanks for this information.
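Added example, not part of the original message and not OpenSSH code: a small Python audit helper that reports which PermitRootLogin value a given client address would receive under the "leave 'no' globally, allow in a Match block" layout discussed above. It goes slightly beyond the thread's single case by handling comma-separated and negated CIDR lists; it assumes only `Match Address` and `Match all` criteria, CIDR or plain-IP patterns, and a default of `no` as the thread describes for FreeBSD. The function names and the sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample: 'no' globally, 'yes' for one network, as in the thread.
SAMPLE_CONFIG = """\
PermitRootLogin no

Match Address 10.0.0.0/27
    PermitRootLogin yes
"""

def address_matches(patterns, client_ip):
    """Evaluate a comma-separated Match Address list; '!' negates an entry."""
    ip = ipaddress.ip_address(client_ip)
    matched = False
    for pat in patterns.split(","):
        net = ipaddress.ip_network(pat.lstrip("!"), strict=False)
        if ip.version == net.version and ip in net:
            if pat.startswith("!"):
                return False  # a negated hit vetoes the whole list
            matched = True
    return matched

def effective_permit_root_login(config_text, client_ip, default="no"):
    """Return the PermitRootLogin value a client at client_ip would get.

    Simplified model (assumption): only 'Match Address' and 'Match all'.
    """
    global_val = match_val = None
    in_match = applies = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True
            crit = arg.split()
            if [c.lower() for c in crit] == ["all"]:
                applies = True
            elif len(crit) == 2 and crit[0].lower() == "address":
                applies = address_matches(crit[1], client_ip)
            else:
                raise ValueError(f"unsupported Match criteria: {arg!r}")
        elif key == "permitrootlogin":
            # sshd keeps the first value it obtains for a keyword
            if not in_match and global_val is None:
                global_val = arg.lower()
            elif in_match and applies and match_val is None:
                match_val = arg.lower()
    # A matching Match block overrides the global section
    return match_val or global_val or default
```

On a live host, `sshd -T` with a `-C` connection specification prints the effective configuration as sshd itself resolves it, which is the authoritative check.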