On Jan 13, 2015, at 9:31 AM, Zoran Kolic <zkolic at sbb.rs>
wrote:>
>> Can you point to that for the rest of us? I'd rather not wade in
openbsd-misc....
>
> The link original poster presented is the correct one.
> Openbsd tend to set some default values, which one might
> like or not. I would disable root login at first.
> Misc seems rough at moment. I found it very helpfull if
> I need help, just have to follow rules. Be patient, give
> as much info as possible, don't push... Do your homework...
> If I really have to say what I think: ssh is great tool.
In the FreeeBSD space, enabling root login for SSH by default is problematic on
both sides of the sword.
- If it enabled by default, and the root password is purposely easy to remember
(because it is a single-user system), it's easy to get owned.
- If it is disabled by default, you either have to be able to log in once from
the console (which you might not have access to if it is a VM), or the one user
who was added has to be part of the right group *and* you need to remember the
right incantation for "su".
On balance, I'm happy with the FreeBSD default of "PermitRootLogin
no" even though it has made creating new FreeBSD VMs troublesome for me
sometimes.
...and I'm glad we're not discussing the uninformed crypto FUD that
started this thread...
--Paul Hoffman