viking777 Posted January 27, 2009 Report Share Posted January 27, 2009 OK, I will be the first to admit that if you want advice about computer security then I am probably the last person on earth that you should ask, because I know next to nothing about it. However I was a bit surprised when just the other day I came across the following entry in the file /etc/ssh/sshd_config. I would particularly draw you attention to the line that is not commented out. # Authentication: #LoginGraceTime 2m PermitRootLogin without-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 I have 5 versions of Mandriva running, 2x2008.0, 2x2009.0 and 1x2009.1. All three of the later versions have that line included by default as does Linux Mint. Open suse and 2008.0 do not have the file written in the same manner. Now it is perfectly possible that there is some reason that this is not insecure and that I just don't know about it, but you have to admit it doesn't exactly look secure does it? I never allow the ssh daemon to run, so it doesn't bother me that much, but if I did use ssh, I think it would bother me. Why is the file written like this? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.