LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Broadband querry

[ILUG] Broadband querry

Gavin McCullagh ilug_gmc at fiachra.ucd.ie
Mon Mar 8 18:19:14 GMT 2004 

Hi,

On Mon, 08 Mar 2004, Rick Moen wrote:

> Quoting Liam Bedford (lbedford at lbedford.org):
> 
> > FreeBSD doesn't allow login to root, but debian (in particular
> > libranet, don't have a pure debian box) does.
> 
> Debian as installed here has remote ssh login directly to the root account 
> _disabled_.  

Well, I hate to say it but I'm running debian sarge on two different
machines and I've checked the config which had in both cases
(/etc/ssh/sshd_config):

PermitRootLogin yes

I've check two of a colleagues debian machines (one stable and one testing,
installed in the past six months) to which I have a login and again both
allow root logins as above.  Actually I think in all cases openssh is
pinned back to stable so that security updates come through quickly syaing
testing is a red herring.  Might this policy have changed in sarge Rick?
Or is this another of my all too common misunderstandings.

I'm sure I haven't changed this setting.  I extracted out the control stuff
from the ssh .deb off heanet and

gavin at robin:/tmp# grep -i root DEBIAN/*
DEBIAN/postinst:PermitRootLogin yes
DEBIAN/templates: root, and therefore reduces the impact of security holes in sshd.
DEBIAN/templates: PAM session modules that need to run as root (pam_mkhomedir, for
DEBIAN/templates: root, and therefore reduces the impact of security holes in sshd.
DEBIAN/templates: PAM session modules that need to run as root (pam_mkhomedir, for
DEBIAN/templates: 'PermitRootLogin' to yes (meaning that anyone knowing the root password can
DEBIAN/templates: ssh directly in as root). It is the opinion of the maintainer that this is
DEBIAN/templates:Description: Do you want /usr/lib/ssh-keysign to be installed SUID root?

The same appears to be true in the sarge version.

Gavin
Who's off to edit those configs.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mail.linux.ie/pipermail/ilug/attachments/20040308/a64e464d/attachment.pgp

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell