On Mon, 20 May 2002 20:26:11 +0100 "Colin Watson" <[EMAIL PROTECTED]> wrote:
> Like the document says, regularly su'ing to root from an account makes
> compromising that account essentially equivalent to compromising root
> anyway. I don't see a problem with the default configuration, and nor do
> OpenSSH upstream.

Good security is layered. Because a normal account could be compromised and su'ing to root accomplished doesn't mean that it should be made easier for a cracker by allowing direct root logins.

Additionally, the default Debian ssh config allows for password authentication. This is definitely a bad idea. The defaults for most other settings show a desire to make the installation more secure. It really doesn't make sense (at least not to me) to tighten up other defaults but just leave the key in the lock on these two.

> I can safely say that this is a pointless discussion; I know the
> maintainer, and he's not going to change his mind. If you disagree,
> you're free to change the configuration for yourself.

I have on all of my systems, as soon as they were installed. However, it would be nice to know the reasoning behind this default configuration.

--
Jamin W. Collins
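The following is an added example, not part of the original message or of Debian's or OpenSSH's code: a Python check of sshd_config text for the two settings the message discusses, `PermitRootLogin` and `PasswordAuthentication`. The function name `audit_sshd_config` and the sample configuration are constructed for illustration; the check assumes `no` is the wanted value for both, reports an unset keyword rather than guessing the compiled-in default, and does not follow `Include` files.

```python
import re

# Values this check treats as the hardened setting (the two the message raises).
WANTED = {"permitrootlogin": "no", "passwordauthentication": "no"}

# Constructed sample input, not taken from any real system.
SAMPLE_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
"""

# Keyword and argument are separated by whitespace or by a single '='.
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")


def audit_sshd_config(text):
    """Return a list of (scope, keyword, value) findings; value None = unset."""
    seen = {}            # (scope, keyword) -> first value obtained
    scope = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            scope = "Match " + value      # later lines apply conditionally
            continue
        # sshd uses the first value it obtains for a keyword, so keep that one
        seen.setdefault((scope, key), value)

    findings = []
    for key, wanted in WANTED.items():
        value = seen.get(("global", key))
        if value != wanted:
            findings.append(("global", key, value))
    # A Match block overrides the global value for the connections it matches.
    for (scope, key), value in seen.items():
        if scope != "global" and key in WANTED and value != WANTED[key]:
            findings.append((scope, key, value))
    return findings


if __name__ == "__main__":
    for scope, key, value in audit_sshd_config(SAMPLE_CONFIG):
        print(f"{scope}: {key} = {value or 'unset (compiled-in default applies)'}")
```

On a live host, `sshd -T` prints the effective configuration after defaults and includes are resolved, which is the authoritative view.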