[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Upcoming OpenSSH vulnerability
On Tue, Jun 25, 2002 at 05:59:07PM -0700, ben@trumpetpower.com said:
> On Tue, Jun 25, 2002 at 03:12:27AM -0600, Theo de Raadt wrote:
>
> > > Does it means that this bug can be exploited when sshd is
> > > running with "PermitRootLogin yes" ?
> >
> > Maybe yes, maybe no.
> >
> > Note I've not answered your question either way. So what are
> > you going to do? Perhaps follow the instructions I sent?
>
> I have.
>
> A related but different question: best practices dictate using
> sudo and not logging in as root. Regardless of the current bug,
> are there non-policy reasons to avoid ``PermitRootLogin yes''?
sudo + ssh keys is a great way to manage a large network without having to
give ANYBODY root's password. And when an employee leaves, you just remove
their account on the admin box, and they're off the network. No need to
change passwords on every box, because they never had them.
--
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
GPG key CB33CCA7 has been revoked; I am now 5537F527
illum oportet crescere me autem minui
[demime 0.98d removed an attachment of type application/pgp-signature]