Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
OK - so I was told that when my machine has the SSH server (not client) running, it is best practice to disable "permit root login". I did this but I don't really see the point. If someone can login to your machine via SSH as root, SSH is the least of your problems, no? Is they can hack your root password, how is your user password any safer? Sure they can hack bill's password on the server but then "Bill" really can't do anything to destroy the box but they can "su" and then attack if they get the password, no?
Can someone please help me here to understand if this is a safe method or just scare tactics.
You've hit the nail on the head already. It's just an extra step. If they hack bill's password they can only be bill. To su, they also have to hack root's password. If you enable root login via ssh, they now only need one password to completely take over your box.
Now if you do something silly like allow bill total root access through sudo, then they can easily just be root by hacking bill. But really, sudo should be used to setup only those commands that bill really needs to have access to as root.
Root should ONLY be used for in-front-of-the-actual-server, critical administration tasks that cannot be performed any other way.
Plus, even if Bob can su to root, they likely will not have the same password so you've just doubled the work of any potential password-guesser.
It's not a MAJOR security problem, it's more good practice and another little blockade in the way of someone getting root.
In some cases, you HAVE to allow root via SSH - dedicated servers in remote locations etc. - but the main point is, if there's no NEED to have root be able to login remotely, then it's safer just to turn off that capability entirely.
In the same way, the firewall on a server will stop any access/attacks on ports you don't want to expose (Samba, NFS etc.) but to also stop any server process running that you DON'T NEED is just an extra line in the defense.
in addition they would know that the root user exists in the first place. why should anyone out there know your user account is called carlwill or something. unless you have that username blatantly advertised you almost have a conceptual password there too. you will get the same response from the ssh server if a user does not exist, or if a real user has tried to log in with the wrong password. let's say you have 1,000,000 possible usernames, and you have 1,000,000 possible passwords. therefore you have 1,000,000,000,000 username/password combinations. that's one BIG dictionary attack....
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
