From owner-freebsd-stable  Fri Oct  5  8:53:38 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201])
	by hub.freebsd.org (Postfix) with ESMTP id 0EB4F37B403
	for <stable@freebsd.org>; Fri,  5 Oct 2001 08:53:35 -0700 (PDT)
Received: from sheldonh (helo=axl.seasidesoftware.co.za)
	by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1)
	id 15pXIV-00053V-00
	for stable@FreeBSD.org; Fri, 05 Oct 2001 17:53:59 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: stable@FreeBSD.org
Subject: Why sshd:PermitRootLogin = no ?
Date: Fri, 05 Oct 2001 17:53:59 +0200
Message-ID: <19436.1002297239@axl.seasidesoftware.co.za>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG


Hi there,

Why is sshd's PermitRootLogin set to 'no' in the default installation of
FreeBSD?

The security gain for a brand new installation is questionable.  The
downside is that, when you have remote hands pressing the buttons for
you during the installation, an extra user has to be created by those
hands.

One slip creating that user, and now the remote operator has to LOG IN!
Things get worse and worse from here on. :-)

So, have I missed some really significant issue, or is this a grey area
in which the issues aren't clear enough for anyone to incite a change?

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message