[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] OpenSSH pkg default config (was: Am I missing something here)
- Subject: Re: [cobalt-security] OpenSSH pkg default config (was: Am I missing something here)
- From: "Edward Cruz" <edward.cruz@xxxxxxxxx>
- Date: Thu, 14 Mar 2002 12:40:40 -0800
- Organization: Eiron
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> I have had a lot of ssh protocol 1 scans
> You are running ONLY protocol 2 aren't you?
> And you are running 3.1p1
> --
> Gerald Waugh
> New Haven, Connecticut USA
>
Continuing in the same vein: double check that the OpenSSH sshd_config has
PermitRootLogin set to no. If set to yes, this allows anyone to attempt to
login directly as root. Although I am not a security expert by any means, I
recall reading that this is not a good idea... Instead, you can login as
admin and then su to get root access.