Security of using sudo rather than su?
Alexander Skwar
listen at alexander.skwar.name
Sun Sep 17 17:08:34 UTC 2006
· Peter Garrett <peter.garrett at optusnet.com.au>:
> On Sun, 17 Sep 2006 14:48:32 +0200
> Alexander Skwar <listen at alexander.skwar.name> wrote:
>
>> · Dennis Kaarsemaker <dennis at kaarsemaker.net>:
>> > On do, 2006-09-14 at 13:46 +0200, Alexander Skwar wrote:
>> >> Dennis Kaarsemaker <dennis at kaarsemaker.net>:
>>
>> >> > Because normally, root *can* login over ssh and 'root' is a very
>> >> > well-known username.
>>
>> Actually, that's wrong. root normally *cannot* do this.
>
> Well, from a default newly installed /etc/ssh/sshd_config :
>
> # Authentication:
> LoginGraceTime 120
> PermitRootLogin yes ## << My emphasis
> StrictModes yes
Interesting. Why do they enable default settings?
So, no, that's not a default sshd_config.
> Of course, you might say Ubuntu is not normal, for some value of
> "normal" ;-)
Yes, I do. Default and normal is, what the "manufacturer" ships.
openssh.com ships a sshd_config with:
#PermitRootLogin yes
In the beginning of a defalt sshd_config, you can find:
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
So, in a default sshd_config, you can find "#PermitRootLogin yes", which
means, that PermitRootLogin is set to yes.
Alexander Skwar
--
To Perl, or not to Perl, that is the kvetching.
-- Larry Wall in <199801200310.TAA11670 at wall.org>
More information about the ubuntu-users
mailing list