[Asterisk-Users] asterisk@home scary log
Steven Critchfield
critch at basesys.com
Thu Feb 10 10:44:37 MST 2005
On Thu, 2005-02-10 at 11:36 -0500, Noah Miller wrote:
> > IMO, your best defence is leaving ssh's default setting
> > which disallows root logins entirely. There's no reason
> > for a remote user to ever have to log in as root. Root
> > access should be obtained by a logged-in normal user
> > using sudo, or su.
>
> I'm not sure what happens when you do a fresh compile and
> install of OpenSSH, but every distro I've ever worked with
> (Red Hat, Gentoo, Slackware, Vector, Tao, Yellow Dog,
> Debian, Knoppix, SuSe, Linspire, FreeBSD, OpenBSD, Darwin,
> OS X) has allowed root logins via SSH by default. Maybe
> they're changing that on newer versions of some distros.
> I dunno.
I'll call bullshit on that. I know for a fact that Debian does NOT allow
root logins except from console. Hell Debian isn't allowing root logins
from X anymore due to the likely hood for you to try and use root for
more than administration.
I know Mandrake does annoying things if you try to login as root on
anything but console to also discourage it's use.
I don't expect much from Linspire as it attempts to be windows. As for
the rest in your list other than OS X, I wouldn't bother trying to run
them when you have Debian available.
--
Steven Critchfield <critch at basesys.com>
More information about the asterisk-users
mailing list