able to login as root via ssh :-(
Todd Zullinger
tmz at pobox.com
Tue Aug 8 02:33:30 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Don Russell wrote:
>>Why? Just curious what made you believe it was disabled by default.
>>
>
> Well.... just ignorance on my part.... but ftp doesn't allow me log
> in as root, and I don't recall changing that setting. Call it "I
> expected any form of remote access to be consistent in denying root
> access". Of course they are different programs (ftp server/ssh
> server)... and I always see messages that say "... ssh in, then su -
> to root...." sort of implies that ssh to root directly won't work.
> But again, abad assumption on my part. :-(
It's not unreasonable to assume the default would be to disable it.
I'm sure there have been debates on what the right default should be
among the openssh developers. I didn't mean to pick on you by asking.
;-)
> Now that it's pointed out to me, of course I see that. :-) Thank you.
No problem.
> One of these days I will learn how to do a case-insensitive search in
> vim :-(
> I did /root and of course it came up empty... so I figured there must
> have been some other place...
Add 'set ignorecase' to ~/.vimrc to make it ignore case by default.
You can also do this while in vim by entering that (or the shorthand
set ic) in command mode (:). To make case sensitive again, use set
noic.
You can do something similar with less so that you'll get case
insensitive searches in man pages, which I've found quite helpful.
The --ignore-case (or -i) option is what you want. You can either
alias less to less -i or export LESS="-i" (adding any other options
you want as well.
>>You might also want to disable password based authentication and
>>only allow a few explicit users. See PasswordAuthentication and
>>AllowUsers in the sshd_config(5) man page.
>
> That's a good idea.... I'm the only one that needs remote access....
> and my logs are always showing people "knocking at the door"
> sometimes hundreds a day.
Yep, the same bastards knock on most of our doors too. :)
Yet another helpful method for stopping a lot of that is to run ssh on
a different port.
> Thanks... now, if only it wouldn't bother asking for a password when
> the userid is 'root'.. like ftp simply denies the request right
> there. But, at least that little door is closed now. :-)
It does on my system. I've set PasswordAuthentication no and
AllowUsers myusername. Trying to ssh in as root gets me a quick
permission denied message.
- --
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
If quitters never win, and winners never quit, then who is the fool
who said "Quit while you're ahead?"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQFDBAEBAgAtBQJE1/f6JhhodHRwOi8vd3d3LnBvYm94LmNvbS9+dG16L3BncC90
bXouYXNjAAoJEEMlk4u+rwzjx1gIAIEplNhDZCCBoEUQRGTgJRDlmg5/Z81Xm90E
t4nCniOiZ+jBFa8vpuvadlC6yLwG80Iiw1WcsMweSixyHU1YlTqth5iHX5SGfaRi
qtT09lE8gkWB2SyYaYUmOi+rzVCdJ87OPITZcuTqLcUUdlqYJxeNh6uH8Q5qiLzk
KvUnwVS6t/JAYviyzciIm94Vj6iPtEc/ntc3pg8oYtd3vpDJQOjuQ80sOqycMtsd
Estz+nteUbHx33tFTGlBTfwq5a3CmUzNig4mGt4CTpBCKTTUxiz5kCM8DlxTWmgs
423ku3flHfkFQzIJLZdWPMk+crJxdy67IbLo29/g1JALmTl+XpM=
=Bmbs
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list