In message <[EMAIL PROTECTED]>, Anton Karpov writes:
> I'm neither an OpenBSD nor an OpenSSH developer, but I think the main idea of
> enabling root by default in OpenBSD is... protection from weak passwords!
> Just look at this. When you're installing OpenBSD, the system asks for a root
> password. You set a reasonably strong password and proceed with the
> rest of the install process. After installation and (remote) configuration, if
> you would like to make your system a bit more secure, you just have to change
> PermitRootLogin from yes to no. And that's all.
> Now imagine root login is disabled by default. In this situation, during
> installation procedure, you should:
> * set root password;
> * add unprivileged user and set his password;
> Most people don't really care much, and when it comes to "please
> create new password" a second time (for the unpriv user), they think "That's the
> sh*t, f*ck%ng password again!" and type a really weak one or one similar to the previous
> password. Typically, their next step is to configure sudo to run any command
> with NOPASSWD. And here comes the real hole: ssh login with weak password &
> sudo ksh. People often think: "I'll mess with security later, after
> configuring all this server stuff".

If the password assigned to the root account when remote root logins
are enabled is weak, the system will be easily rooted by intruders.
If there is an intermediate, non-privileged user that *is* required
to log in as root, there are two secrets to guess: the username of the
unprivileged user and its password (shared with the root account).
Most users do not use the same passwords for our unprivileged and
root accounts either.

On the other hand, nothing will stop a bad system manager from setting up
weak passwords if remote root login is allowed.

> Resume. If you set a weak password, your system is vulnerable anyway. If you
> set a strong password, don't bother about all that kiddie stuff like ssh
> scanners and about PermitRootLogin. With a second unprivileged user added
> along with root during installation, your chances to lose are higher.

Don't see the point.  Why will an unprivileged user increase the chances
of the system being compromised?  There are two secrets to guess: the
username (fingerd is disabled by default) and the password.  There are
two secrets in the case there is a password shared between the unprivileged
user and the root account, three secrets (an unprivileged account in the
wheel group with its password, and the root password) on most systems.

I can hardly understand the notion of "strong password".  On my passwords
I use a combination of uppercase letters, lowercase letters, numbers, and
characters that are easily typed on any keyboard (+,./:;-_= ...).  Some of
the passwords tried by certain tools are nearly as strong as these ones
(at least, these passwords do not look obvious to me either).  Logs show
that combinations like "john/john" and "root/root" are too easy for some
tools that certainly try true brute force attacks starting at seven or
more characters.

Just trying to make access as root a bit more difficult for unauthorized
users without a known exploit.

Best regards,
Igor.
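
Added example, not part of either message in this thread: a small audit of the two settings the thread argues about, PermitRootLogin in sshd_config and NOPASSWD in sudoers. The sample files and function names are constructed for illustration, and the sudoers parsing is simplified (no aliases or includes).

```python
import re

# Constructed sample files, not taken from the thread.
# PasswordAuthentication is left unset; sshd's default for it is "yes".
SAMPLE_SSHD = """\
PermitRootLogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""
SAMPLE_SUDOERS = """\
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
anton   ALL=(ALL) NOPASSWD: /usr/sbin/tcpdump
"""

def effective_global(sshd_text, keyword):
    """Global value sshd uses: first occurrence wins; Match blocks are conditional."""
    for raw in sshd_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break  # everything below applies only when the Match criteria hold
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip('"').lower()
    return None  # unset: the compiled-in default applies

def nopasswd_all(sudoers_text):
    """Users or %groups allowed to run ALL commands through sudo without a password."""
    hits = []
    for line in sudoers_text.splitlines():
        m = re.match(r"\s*([^#\s]\S*)\s+\S+?\s*=\s*(?:\([^)]*\)\s*)?(.*)$", line)
        if m and re.search(r"NOPASSWD:\s*ALL\b", m.group(2)):
            hits.append(m.group(1))
    return hits

def audit(sshd_text, sudoers_text):
    findings = []
    root = effective_global(sshd_text, "PermitRootLogin")
    password_ok = effective_global(sshd_text, "PasswordAuthentication") != "no"
    if root == "yes" and password_ok:
        findings.append("root can log in over ssh with a password")
    if password_ok:
        for who in nopasswd_all(sudoers_text):
            findings.append(f"{who}: ssh password login plus NOPASSWD ALL is root-equivalent")
    return findings

print("\n".join(audit(SAMPLE_SSHD, SAMPLE_SUDOERS)))
```

The second `PermitRootLogin no` in the sample has no effect because sshd keeps the first value it reads for each keyword, which is why the audit reports root password login as allowed.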
