MLUG: Mizzou Linux Users GroupHome | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact
MLUG: Re: [MLUG] Debian SSH root access keys
Re: [MLUG] Debian SSH root access keys
Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
If you have a standard setup of Ubuntu, then there is no root account
set up out of the box, making the "no SSH root logins" a moot point. Yuo
probably don't need a root account on Ubuntu anyway as "sudo -s" is
effectively equivalent to an actual root login. Debian can be set up
this way as well, but the typical setup is root + unprivileged user
without sudo privileges. 

--Jack

On Thu, 2008-05-15 at 18:18 -0500, Mike Miller wrote:
> No time to get the details but here's the basic idea...
> 
> We had a message telling us that our Ubuntu box is probably vulnerable to 
> a Debian vulnerability where there are only a few SSH keys for root and 
> there is now a script that tests all of them in about an hour.  I guess 
> there is some kind of bizarre error in the key generation process on some 
> systems that causes them to make only a few possible keys.
> 
> http://community.livejournal.com/evan_tech/250810.html
> 
> I personally never let people log in as root.  Sometimes people say that 
> is too restrictive, but today I feel vindicated.
> 
> Mike
> 
> _______________________________________________
> members mailing list
> EMAIL:PROTECTED
> http://mlug.missouri.edu/mailman/listinfo/members


_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members
Questions? Comments? Feel free to contact MLUG.
DMCA and other copyright information.