
sshd [solved]



OK, I will be the first to admit that if you want advice about computer security then I am probably the last person on earth that you should ask, because I know next to nothing about it. However, I was a bit surprised when just the other day I came across the following entry in the file /etc/ssh/sshd_config. I would particularly draw your attention to the line that is not commented out.


# Authentication:

#LoginGraceTime 2m
PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10


I have 5 versions of Mandriva running, 2x2008.0, 2x2009.0 and 1x2009.1. All three of the later versions have that line included by default, as does Linux Mint. openSUSE and 2008.0 do not have the file written in the same manner.


Now it is perfectly possible that there is some reason that this is not insecure and that I just don't know about it, but you have to admit it doesn't exactly look secure does it?


I never allow the ssh daemon to run, so it doesn't bother me that much, but if I did use ssh, I think it would bother me. Why is the file written like this?


What it does is allow root to connect, but disable password authentication for root. Therefore, it forces root to be used with public keys instead. However, you'd still need:


ChallengeResponseAuthentication no


to ensure no password authentication can be used. However, I'd prefer to disable root access via SSH completely by putting:


PermitRootLogin no


which means then you have to connect with another normal user account first, and then su to root. However, I use public keys and no passwords plus some other options for extra security.


The line, as you mentioned, looks misleading, when really it's a bit more secure than it sounds.
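
Added example, not part of either post: a small Python check that reads an sshd_config, works out the global value of the two keywords discussed in this thread (the first uncommented occurrence wins, otherwise the default applies) and reports what that means for root logins. The function names, finding codes and the assumed defaults are this example's own; the sample text is the excerpt quoted in the first post.

```python
# Added example: audit the two sshd_config keywords discussed in this thread.
# Assumption: built-in defaults of an OpenSSH release from the Mandriva 2009 era;
# confirm them in sshd_config(5) for the version you actually run.
DEFAULTS = {"permitrootlogin": "yes", "challengeresponseauthentication": "yes"}

# Constructed sample: the excerpt quoted in the first post.
SAMPLE_CONFIG = """\
# Authentication:

#LoginGraceTime 2m
PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
"""

def effective_settings(text):
    """Return the global value sshd would use for each keyword in DEFAULTS."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no setting
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # everything after a Match line is conditional, not global
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")  # first value wins
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def audit_root_login(text):
    """Return finding codes for root SSH access (codes are this example's own)."""
    cfg = effective_settings(text)
    root = cfg["permitrootlogin"]
    if root == "no":
        return []
    if root == "yes":
        return ["ROOT_PASSWORD_LOGIN_ALLOWED"]
    if root != "without-password":
        return ["ROOT_LOGIN_VALUE_NOT_MODELLED"]  # e.g. other restricted modes
    findings = ["ROOT_LOGIN_ALLOWED_NO_PASSWORD_AUTH"]
    # Per the reply above, challenge-response must also be off to rule out passwords.
    if cfg["challengeresponseauthentication"] != "no":
        findings.append("CHALLENGE_RESPONSE_NOT_DISABLED")
    return findings

if __name__ == "__main__":
    print(audit_root_login(SAMPLE_CONFIG))
```

On a live system, `sshd -T` prints the effective configuration as the daemon itself resolves it, which is the authoritative cross-check for a file parser like this one.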

