how to react on ssh attacks?
Michael A. Peters
mpeters at mac.com
Tue Oct 25 16:43:01 UTC 2005
On Mon, 2005-10-24 at 20:53 -0700, Joel Jaeggli wrote:
> On Tue, 25 Oct 2005, Danny Terweij - Net Tuning | Net wrote:
>
> > From: "Michael A. Peters" <mpeters at mac.com>
> >
> >>> As you have already realized, it is generally not safe to allow ssh
> >>> access for root. In fact, Fedora by default does not allow root to have
> >>> ssh access.
>
> Ask yourself why is is not safe to ssh to root?
It's a known user ID on a system, and an incredibly powerful one.
No one will have root access that doesn't have a regular user account as
well, therefore, forcing remote root users to first log in as their
regular user and then su to root prevents a known username that happens
to be all powerful from being bute-forced.
Furthermore, if you ssh in as root - there is no accountability.
If you ssh in as a user and then su to root, that action is recorded in
the log files - and you know who logged into root and when.
More information about the fedora-list
mailing list