On Thu, Mar 20, 2014 at 8:43 AM, Timothy Murphy <gayleard at eircom.net> wrote:
> Johnny Hughes wrote:
>
> > If you look at page 66 of the PDF, it tells you how to not get infected
> > ... don't allow root logins and don't use passwords.
>
> Thanks very much for your prompt response.
>
> I was slightly surprised to see that PermitRootLogin seems to be set to Yes
> by default on CentOS (and also on Fedora).
>

I don't look at PermitRootLogin being yes by default as being a bad thing.
Securing SSH doesn't stop at just its configuration. Initially "root" is the
only account on a Linux machine. It's up to the sysadmin to create another
account [and further secure] the host. This brings up other aspects of
securing user accounts:

1) strong/somewhat random passwords (especially for the root user)
2) firewall rules that only permit select hosts to access SSH (or other services)

And then there's password aging.

> I'm very ignorant of these matters, but what advantage does this give?
> Can't I get to the same place by ssh-ing into the remote machine,
> and then su-ing there?
>

"root" is an easy username to guess ... and will exist on most Linux systems.
There will likely not be a "tmurphy" or "gayleard" on most Linux hosts, so that
account is less likely to be brute forced.

> --
> Timothy Murphy
> e-mail: gayleard /at/ eircom.net
> School of Mathematics, Trinity College, Dublin 2, Ireland
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

--
---~~.~~---
Mike
// SilverTip257 //
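A small audit of the two sshd_config settings this thread turns on (PermitRootLogin and password logins), as an added shell example that is not from the thread, the CentOS project or OpenSSH; the function names and the two sample config files are constructed for illustration.

```sh
#!/bin/sh
# Print the effective value of a keyword. sshd uses the FIRST uncommented
# occurrence of a keyword and ignores repeats; settings inside a Match block
# are conditional, so the scan stops there. If the keyword never appears the
# compiled-in default applies, which is why a commented-out line is no cure.
sshd_effective() {            # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/^[ \t]+/, ""); gsub(/[ \t]*=[ \t]*/, " ") }  # allow Key=value
        /^#/ || NF == 0 { next }                             # comments, blanks
        tolower($1) == "match" { exit }                      # end of global scope
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print tolower(def) }
    ' "$1"
}

# Report the weak settings; returns 1 if there is any finding, 0 if clean.
sshd_audit() {                # usage: sshd_audit FILE
    rc=0
    v=$(sshd_effective "$1" PermitRootLogin yes)
    [ "$v" = no ] || { echo "PermitRootLogin is '$v': root can log in over SSH"; rc=1; }
    v=$(sshd_effective "$1" PasswordAuthentication yes)
    [ "$v" = no ] || { echo "PasswordAuthentication is '$v': passwords can be guessed"; rc=1; }
    return "$rc"
}

# Constructed sample: stock-style file with both lines left commented out.
write_stock_config() {
    cat >"$1" <<'EOF'
#PermitRootLogin yes
#PasswordAuthentication yes
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
}

# Constructed sample: hardened file; the Match block only loosens one user.
write_hardened_config() {
    cat >"$1" <<'EOF'
PermitRootLogin=no
PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

f=$(mktemp)
write_stock_config "$f";    sshd_audit "$f" || echo "stock config: weak"
write_hardened_config "$f"; sshd_audit "$f" && echo "hardened config: clean"
rm -f "$f"
```

Run it against /etc/ssh/sshd_config with `sshd_audit /etc/ssh/sshd_config`; a non-zero exit means one of the two settings is still at the permissive default.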