Re: Broadband querry

Hi,

On Mon, 08 Mar 2004, Rick Moen wrote:

> Quoting Liam Bedford (lbedford@xxxxxxxxxxxx):
> 
> > FreeBSD doesn't allow login to root, but debian (in particular
> > libranet, don't have a pure debian box) does.
> 
> Debian as installed here has remote ssh login directly to the root account 
> _disabled_.  

Well, I hate to say it but I'm running debian sarge on two different
machines and I've checked the config which had in both cases
(/etc/ssh/sshd_config):

PermitRootLogin yes

I've check two of a colleagues debian machines (one stable and one testing,
installed in the past six months) to which I have a login and again both
allow root logins as above.  Actually I think in all cases openssh is
pinned back to stable so that security updates come through quickly syaing
testing is a red herring.  Might this policy have changed in sarge Rick?
Or is this another of my all too common misunderstandings.

I'm sure I haven't changed this setting.  I extracted out the control stuff
from the ssh .deb off heanet and

gavin@robin:/tmp# grep -i root DEBIAN/*
DEBIAN/postinst:PermitRootLogin yes
DEBIAN/templates: root, and therefore reduces the impact of security holes in 
sshd.
DEBIAN/templates: PAM session modules that need to run as root (pam_mkhomedir, 
for
DEBIAN/templates: root, and therefore reduces the impact of security holes in 
sshd.
DEBIAN/templates: PAM session modules that need to run as root (pam_mkhomedir, 
for
DEBIAN/templates: 'PermitRootLogin' to yes (meaning that anyone knowing the 
root password can
DEBIAN/templates: ssh directly in as root). It is the opinion of the maintainer 
that this is
DEBIAN/templates:Description: Do you want /usr/lib/ssh-keysign to be installed 
SUID root?

The same appears to be true in the sarge version.

Gavin
Who's off to edit those configs.

signature.asc
Description: Digital signature

-- 
Irish Linux Users' Group
http://www.linux.ie/mailman/listinfo/ilug/