Re: ssh V1 / RootLogin disable [was: Building OpenSSH]

["Andrew Smith" <rhml2 k1k2 com>]

Gordon Pritchard said:
> On Mon, 2003-06-16 at 04:06, shrek-m gmx de wrote:
>
>> does anybody really need
>>  RootLogin by default
>
> 	We do.
>
> 	In a typical deployment, our boxes have no local-users except root.
> All others are authenticated against a central LDAP server, and their
> home-dir is provided by another file-server.
>
> 	When something breaks, the only way into the box is as root,
> whether at
> the local-console, or from off-site.
>
> 	My $0.02,
> 	-Gord

Totally agree ... but more to the point ... why disable it?

The reason to disable root login in telnet is obvious.

If you don't trust ssh then don't install it :-)
If your root password is easy to guess then disabling root login
in ssh will not help that much - I'm sure someone will guess your
other passwords then su to root anyway.

A friend has an old debian box as his router/firewall and every
time I login to it I have to login twice ... using ssh ... coz
in his version (not sure about current) RootLogin is disabled.

Maybe I should ask him to change it - never thought of that - D'oh.

-- 
-Cheers
-Andrew

MS ... if only he hadn't been hang gliding!