sshd [solved]

[viking777]

OK, I will be the first to admit that if you want advice about computer security then I am probably the last person on earth that you should ask, because I know next to nothing about it. However I was a bit surprised when just the other day I came across the following entry in the file /etc/ssh/sshd_config. I would particularly draw you attention to the line that is not commented out.

 

# Authentication:

#LoginGraceTime 2m
PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

 

I have 5 versions of Mandriva running, 2x2008.0, 2x2009.0 and 1x2009.1. All three of the later versions have that line included by default as does Linux Mint. Open suse and 2008.0 do not have the file written in the same manner.

 

Now it is perfectly possible that there is some reason that this is not insecure and that I just don't know about it, but you have to admit it doesn't exactly look secure does it?

 

I never allow the ssh daemon to run, so it doesn't bother me that much, but if I did use ssh, I think it would bother me. Why is the file written like this?

[ianw1974]

What it does is allows root to connect, but disables password authentication for root. Therefore, it forces root to be used with public keys instead. However, you'd still need:

 

ChallengeResponseAuthentication no

 

to ensure no password authentication can be used. However, I'd prefer to disable root access via SSH completely by putting:

 

PermitRootLogin no

 

which means then you have to connect with another normal user account first, and then su to root. However, I use public keys and no passwords plus some other options for extra security.

 

The line, as you mentioned, looks misleading, when really it's a bit more secure than it sounds.

[viking777]

Quick reply!

 

Thanks Ian, I thought there had to be more to it than I could see.