Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 24 Jul 2007 19:27:38 +0000
From:      Pollywog <lists-fbsd@shadypond.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: connecting user root with ssh
Message-ID:  <200707241927.38359.lists-fbsd@shadypond.com>
In-Reply-To: <20070724213326.5e8aa27d@localhost>
References:  <11066.217.114.136.135.1180427946.squirrel@llca513-a.servidoresdns.net> <465d3e9e.uyoP2YaUttmVs6ON%perryh@pluto.rain.com> <20070724213326.5e8aa27d@localhost>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Tuesday 24 July 2007 11:33:26 Norberto Meijome wrote:
> On Wed, 30 May 2007 02:06:38 -0700
>
> perryh@pluto.rain.com wrote:
> > * If "root" cannot log in remotely, a cracker has to guess three
>
> guess or brute force - so  quite long random passwords (or ssh keys) are
> extremely recommendable.
>
> >   things to obtain root access, instead of just one:
> >
> >   + A valid username which is in the "wheel" group;
> >   + That user's password;
> >   + The root password.
>
> that is assuming, of course, that the user your just logged in with belongs
> to wheel.

If one must allow root logins via ssh, I recommend in sshd_config:

PermitRootLogin without-password

This will force the use of a passphrase and disallow root login with just a 
password.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?200707241927.38359.lists-fbsd>