From: Roy Smith on 16 Jul 2010 09:25

In article <0dca0c03-ca0d-4e32-ad86-33c3f223193c(a)x2g2000prk.googlegroups.com>, David Schwartz <davids(a)webmaster.com> wrote:

> If you are sure you want to allow direct SSH as root, edit your
> 'sshd_config' file. Add or uncomment a line that says "PermitRootLogin
> yes".

The "if you are sure" wording implies this is poor practice. Let me just make that more explicit. It is poor practice to allow root logins. Login as yourself and do su (or, even better, run what you need to run with sudo).

From: Aragorn on 16 Jul 2010 10:02

On Friday 16 July 2010 15:25 in comp.os.linux.networking, somebody identifying as Roy Smith wrote...

> In article
> <0dca0c03-ca0d-4e32-ad86-33c3f223193c(a)x2g2000prk.googlegroups.com>,
> David Schwartz <davids(a)webmaster.com> wrote:
>
>> If you are sure you want to allow direct SSH as root, edit your
>> 'sshd_config' file. Add or uncomment a line that says
>> "PermitRootLogin yes".
>
> The "if you are sure" wording implies this is poor practice. Let me
> just make that more explicit. It is poor practice to allow root
> logins.

I second that.

> Login as yourself and do su (or, even better, run what you
> need to run with sudo).

But here I will disagree, in the sense that "sudo" is generally set up to require only the user's own password, albeit that this can be changed.

"su" is therefore a safer approach in most set-ups because it still requires knowledge of the root password. That's three things an attacker has to guess: the account's login, the account's password and the root password.

--
*Aragorn*
(registered GNU/Linux user #223157)

From: Keith Keller on 16 Jul 2010 10:37

On 2010-07-16, Aragorn <aragorn(a)chatfactory.invalid> wrote:

> But here I will disagree, in the sense that "sudo" is generally set up
> to require only the user's own password, albeit that this can be
> changed.
>
> "su" is therefore a safer approach in most set-ups because it still
> requires knowledge of the root password. That's three things an
> attacker has to guess: the account's login, the account's password and
> the root password.

As always, what is a "safer" approach depends wildly on the particular situation. Both su and sudo will log logins, but only sudo will log actual commands executed (unless you do sudo su or similar which gets you a root shell).

--keith

--
kkeller-usenet(a)wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information

From: jny0 on 16 Jul 2010 11:43

The device in question is an embedded pc running linux from buildroot. It only has a root user, with no password. It will not allow me to add users, but will allow me to apply a password to the root user. With this set, putty was allowed to ssh in. I'll have to rebuild buildroot with either a root password by default, or some users for remote access.

Thanks for everyone's help.

From: Grant on 16 Jul 2010 18:24

On Fri, 16 Jul 2010 08:43:09 -0700 (PDT), jny0 <jny0(a)hotmail.com> wrote:

>The device in question is an embedded pc running linux from
>buildroot. It only has a root user, with no password. It will not
>allow me to add users, but will allow me to apply a password to the
>root user. With this set, putty was allowed to ssh in. I'll have to
>rebuild buildroot with either a root password by default, or some
>users for remote access.

Is the device accessible from the Internet?

I have no problem allowing passwordless root login on localnet for PuTTY. And, the Internet facing box doesn't even allow username / password login. Only the private/public keys method.

PuTTY includes an agent that you enter your passphrase into once on startup. So, it's secure and transparent, open new PuTTY session and type in root or username on the new terminal.

Grant.
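
A small audit of the sshd_config settings this thread turns on (direct root login, password versus key-only login, empty passwords), added here as an example and not part of any post. The default values, the finding names and the sample configurations are assumptions constructed for illustration; on a live host `sshd -T` prints the effective configuration.

```python
# Added example. Defaults below are an assumption (recent OpenSSH releases;
# older ones defaulted PermitRootLogin to "yes"). Include files, Match blocks
# and keyboard-interactive/PAM logins are not evaluated.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
}

def effective_settings(config_text):
    """Global values sshd would use: the first value read for a keyword wins."""
    settings, seen = dict(DEFAULTS), set()
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # everything below is conditional
            break
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            settings[key] = parts[1].strip('"').lower()
            seen.add(key)
    return settings

def audit(config_text):
    """Return findings for the login paths discussed in the thread."""
    s = effective_settings(config_text)
    root = s["permitrootlogin"]
    passwords = s["passwordauthentication"] == "yes"
    findings = []
    if root == "yes" and passwords:
        findings.append("root-password-login")
    elif root != "no":
        findings.append("root-key-login")
    if passwords and s["permitemptypasswords"] == "yes":
        findings.append("empty-passwords-accepted")
    return findings

# Constructed sample configurations (not taken from any real host).
AS_SUGGESTED = "#PermitRootLogin prohibit-password\nPermitRootLogin yes\n"
KEYS_ONLY = ("PasswordAuthentication no\n"
             "PermitRootLogin prohibit-password\n"
             "permitrootlogin yes\n")   # ignored: first value wins
LAN_ONLY_ROOT = ("PermitRootLogin no\nPasswordAuthentication no\n"
                 "Match Address 192.168.0.0/24\n    PermitRootLogin yes\n")

if __name__ == "__main__":
    for name in ("AS_SUGGESTED", "KEYS_ONLY", "LAN_ONLY_ROOT"):
        print(name, audit(globals()[name]))
```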