CLT 2007 is over

Posted by Nico Golde in debian
Monday, March 5. 2007

The Chemnitzer Linuxtage event is over and like every year the event was very nice.
From my point of view it's one of the best organized and community driven events in Germany.

Sadly I just saw one talk (libfind) because most time I was busy with meeting all the people I can just see one time a year on this event and finding a way to allow dpkg to merge old and new configuration files.

This year I attended two booths, the one of my favorite live cd grml and the one of debian.
It was the first time for grml having a booth at the CLT and I think the feedback was quite good.

The debian booth was also very cool and well organized (thanks Noel) and I had alot of interesting discussions with different users.
One question which came up was why debian permits root logins in a default ssh installation. I had no answer for this question since I also think it's definitly a security issue. Elmar Hoffmann thought it could have to do with an easy way of scping files for root without using a user temporary.
If someone has an answer, let me know.

Comments (4) - Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

The reasoning is in the README.Debian... although I don't agree with them.

#1 Thijs on 2007-03-05 22:09 (Reply)

Hi Nico,

you might want to read "PermitRootLogin set to yes" in /usr/share/doc/ssh/README.Debian.gz

#2 Thomas Weber on 2007-03-06 08:04 (Reply)

Yes did this after Thijs gave the hint. Thanks, the other DDs at CLT didn't know too

But the argumentation is somehow strange.

#3 nion on 2007-03-06 13:49 (Reply)

Well, disallowing password authentication at all would IMO be of a greater benefit to the averange user than disallowing root login - those who use a weak root password most likely also have a weak password on their user account. And from that its only a matter of sudo (with the known user password), su (forcing the weak root password or waiting for the user to do it) or the next local root exploit that comes along. So there I do agree with the rationale given in README.Debian.

Speaking of "loosing" passwords, there also is a client side setting worth noting: Disallowing tunneled clear text (as opposed to challenge response) password authentication by setting "PasswordAuthentication no" in /etc/ssh/ssh_config to avoid passwords ever being given out to a remote ssh server.

#4 elho on 2007-03-08 22:37 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. You can use [geshi lang=lang_name [,ln={y\|n}]][/geshi] tags to embed source code snippets. E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: You can use [geshi lang=lang_name [,ln={y\|n}]][/geshi] tags to embed source code snippets.
	Remember Information?

CLT 2007 is over

nion's blog

CLT 2007 is over

Calendar

Quicksearch

Support

Recent Entries

Archives

Syndicate This Blog

Categories

Tag cloud