Security of using sudo rather than su?

Alexander Skwar listen at
Sun Sep 17 17:08:34 UTC 2006

· Peter Garrett <peter.garrett at>:

> On Sun, 17 Sep 2006 14:48:32 +0200
> Alexander Skwar <listen at> wrote:
>> · Dennis Kaarsemaker <dennis at>:
>> > On do, 2006-09-14 at 13:46 +0200, Alexander Skwar wrote:
>> >> Dennis Kaarsemaker <dennis at>:
>> >> > Because normally, root *can* login over ssh and 'root' is a very
>> >> > well-known username.
>> Actually, that's wrong. root normally *cannot* do this.
> Well, from a default newly installed /etc/ssh/sshd_config  :
> # Authentication:
> LoginGraceTime 120
> PermitRootLogin yes     ## << My emphasis
> StrictModes yes

Interesting. Why do they enable default settings?

So, no, that's not a default sshd_config.

> Of course, you might say Ubuntu is not normal, for some value of
> "normal" ;-)

Yes, I do. Default and normal is, what the "manufacturer" ships. ships a sshd_config with:

#PermitRootLogin yes

In the beginning of a defalt sshd_config, you can find:

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

So, in a default sshd_config, you can find "#PermitRootLogin yes", which
means, that PermitRootLogin is set to yes.

Alexander Skwar
To Perl, or not to Perl, that is the kvetching.
             -- Larry Wall in <199801200310.TAA11670 at>

More information about the ubuntu-users mailing list