able to login as root via ssh :-(
Scot L. Harris
webid at cfl.rr.com
Tue Aug 8 02:57:37 UTC 2006
On Mon, 2006-08-07 at 22:33 -0400, Todd Zullinger wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Don Russell wrote:
> >>Why? Just curious what made you believe it was disabled by default.
> >>
> >
> > Well.... just ignorance on my part.... but ftp doesn't allow me log
> > in as root, and I don't recall changing that setting. Call it "I
> > expected any form of remote access to be consistent in denying root
> > access". Of course they are different programs (ftp server/ssh
> > server)... and I always see messages that say "... ssh in, then su -
> > to root...." sort of implies that ssh to root directly won't work.
> > But again, abad assumption on my part. :-(
>
> It's not unreasonable to assume the default would be to disable it.
> I'm sure there have been debates on what the right default should be
> among the openssh developers. I didn't mean to pick on you by asking.
> ;-)
If I recall correctly from a discussion about this a long time ago, ssh
has root access enabled by default for those cases where the admin is
trying to install a system remotely. They would need a secure way to
log into the system as root in order to create user accounts. After
that it is up to the admin to secure ssh by disabling root access,
setting up keys, and restricting which accounts can access ssh to start
with as well as possibly changing the port ssh listens on.
This may have changed in recent install methods, but I believe that was
the argument provided awhile back for having root access enabled
initially.
More information about the fedora-list
mailing list