[Asterisk-Users] asterisk@home scary log

Steven Critchfield critch at basesys.com
Thu Feb 10 10:44:37 MST 2005


On Thu, 2005-02-10 at 11:36 -0500, Noah Miller wrote:
> > IMO, your best defence is leaving ssh's default setting 
> > which disallows root logins entirely.  There's no reason 
> > for a remote user to ever have to log in as root.  Root 
> > access should be obtained by a logged-in normal user 
> > using sudo, or su.
> 
> I'm not sure what happens when you do a fresh compile and 
> install of OpenSSH, but every distro I've ever worked with
> (Red Hat, Gentoo, Slackware, Vector, Tao, Yellow Dog, 
> Debian, Knoppix, SuSe, Linspire, FreeBSD, OpenBSD, Darwin, 
> OS X) has allowed root logins via SSH by default.  Maybe 
> they're changing that on newer versions of some distros.  
> I dunno.

I'll call bullshit on that. I know for a fact that Debian does NOT allow
root logins except from console. Hell Debian isn't allowing root logins
from X anymore due to the likely hood for you to try and use root for
more than administration.

I know Mandrake does annoying things if you try to login as root on
anything but console to also discourage it's use.

I don't expect much from Linspire as it attempts to be windows. As for
the rest in your list other than OS X, I wouldn't bother trying to run
them when you have Debian available.
-- 
Steven Critchfield <critch at basesys.com>




More information about the asterisk-users mailing list