Bug 22930
| Field | Value |
|---|---|
| Summary | root is allowed to login remotely |
| Product | [Retired] Red Hat Linux |
| Component | openssh |
| Version | 7.1 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED WONTFIX |
| Severity | medium |
| Priority | high |
| Keywords | Security |
| Reporter | Arenas Belon, Carlo Marcelo <carenas> |
| Assignee | Nalin Dahyabhai <nalin> |
| CC | dr, menthos |
| Doc Type | Bug Fix |
| Last Closed | 2000-12-28 15:34:51 UTC |

Description
Arenas Belon, Carlo Marcelo
2000-12-28 07:28:18 UTC
Seconded. Remote root logins should be disabled by default.

Remote root login is disabled by default as a security measure specifically because of the hazards of password-sniffing. Over a cryptographically-protected channel, it's not necessary.

Disabling root logins also provides a kind of audit trail. You see in the logs _who_ logged in (via su) as root. With direct root logins you don't.

This is purely a configuration issue, and it's impossible to get it right for everyone. We're going to leave this set to the same default that the portable OpenSSH team includes in theirs.

Thirded (?). I would personally prefer a changed default (to "PermitRootLogin no").
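
The thread is about which value `PermitRootLogin` ends up with, so the following added example (not code from this bug report or from OpenSSH) resolves it from an sshd_config text using the first-value-wins rule. It goes beyond the thread by also reporting `Match` block overrides; the sample files are constructed, `Include` is not followed, and the build's default is a caller-supplied assumption because the page does not state it.

```python
# Constructed sshd_config samples (not taken from the bug report).
APPENDED_FIX = """\
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
"""
HARDENED = """\
PermitRootLogin = no
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
"""


def permit_root_login(config_text, builtin_default):
    """Resolve PermitRootLogin as sshd does: first value per scope wins.

    builtin_default is what the sshd build uses when the file is silent; it
    differs between builds, so the caller supplies it (assumption).
    Returns (global_value, [(match_criteria, value), ...]).
    """
    global_value, overrides, match = None, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment, e.g. a commented-out default
        # Keyword and argument are separated by whitespace or a single "=".
        fields = line.replace("=", " ", 1).split()
        keyword, args = fields[0].lower(), fields[1:]
        if keyword == "match":
            match = " ".join(args)  # following lines apply only to this block
        elif keyword == "permitrootlogin" and args:
            value = args[0].strip('"')
            if match is None:
                if global_value is None:  # later duplicates are ignored
                    global_value = value
            elif match not in dict(overrides):
                overrides.append((match, value))
    return (global_value or builtin_default), overrides


def allows_root(config_text, builtin_default):
    """True if any scope leaves root able to log in (value other than "no")."""
    global_value, overrides = permit_root_login(config_text, builtin_default)
    return global_value != "no" or any(v != "no" for _, v in overrides)


if __name__ == "__main__":
    for name, text in (("appended fix", APPENDED_FIX), ("hardened", HARDENED)):
        print(name, permit_root_login(text, "yes"), allows_root(text, "yes"))
```

The first sample shows why appending `PermitRootLogin no` below an existing `yes` line changes nothing. On a live host, `sshd -T` prints the effective configuration and is the authoritative check.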