[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] URGENT: Cannot su - while being admin
- Subject: Re: [cobalt-users] URGENT: Cannot su - while being admin
- From: flash22@xxxxxxx
- Date: Wed Jan 16 21:32:50 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Wed, 16 Jan 2002, Jeff Lasman wrote:
>
> Sorry, but this is nothing more or less than FUD.
>
> There's NO reason not to ssh as root. In fact, by default, ssh allows
> log-in by root. If you don't believe it, just try it.
Not on all platforms it doesn't...
I'm going to respectfully disagree on this one, and point out a few other
people who seem to have the same opinion...
http://www.linuxjournal.com/article.php?sid=5672
"don't allow root logins via ssh
directly, instead force users to login as a
regular user and use "su" to root. This will
help stem several attacks before they can even begin."
http://www.linuxdoc.org/HOWTO/Security-HOWTO-4.html
"here is no need to be able to login directly as root. "
http://www.debian.org/doc/manuals/securing-debian-howto/ap-checklist.en.html
"Disable network root login; use su(1) ..."
http://www.linuxdoc.org/HOWTO/Virtual-Services-HOWTO-13.html
"There is never an acceptable
time to allow root login's either through telnet or ssh. Doing so is
simply an invitation to disaster."
"No responsible administrator would ever do otherwise "
http://www.boran.com/security/unix2.html (IT Security Cookbook)
"Direct root login should not be possible over the network "
'best practices guidlines'
www.lbl.gov/ITSD/Security/docs/linux_guidelines.rtf
"Require that root users su to root from their user account rather
than logging in directly as root for accountability.Configure the
system to not allow root login over the network if possible."
gsh