Linux - Security forum, LinuxQuestions.org. This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
OK - so I was told that when my machine has the SSH server (not client) running, it is best practice to disable "permit root login". I did this but I don't really see the point. If someone can log in to your machine via SSH as root, SSH is the least of your problems, no? If they can hack your root password, how is your user password any safer? Sure they can hack bill's password on the server but then "Bill" really can't do anything to destroy the box, but they can "su" and then attack if they get the password, no?
Can someone please help me here to understand if this is a safe method or just scare tactics.
You've hit the nail on the head already. It's just an extra step. If they hack bill's password they can only be bill. To su, they also have to hack root's password. If you enable root login via ssh, they now only need one password to completely take over your box.
Now if you do something silly like allow bill total root access through sudo, then they can easily just be root by hacking bill. But really, sudo should be used to set up only those commands that bill really needs to have access to as root.
Root should ONLY be used for in-front-of-the-actual-server, critical administration tasks that cannot be performed any other way.
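As an added illustration of the two settings this reply talks about (not code from the thread or any poster), here is a POSIX shell check that reads an sshd_config fragment and reports what root-over-SSH exposure it actually gives, and flags a sudoers entry that hands a user unrestricted root. The sshd_config and sudoers texts are constructed samples, the user "bill" and the nginx restart command are hypothetical, and the script assumes the OpenSSH 7.0+ default of prohibit-password when PermitRootLogin is not set at all.

```shell
#!/bin/sh
# Added example, not from the thread. All config texts below are constructed.

WEAK_SSHD='# constructed: root may log in over SSH with just a password
PermitRootLogin yes
PasswordAuthentication yes'

FIXED_SSHD='# constructed: root cannot log in over SSH at all
PermitRootLogin no
PasswordAuthentication yes'

TRAP_SSHD='PermitRootLogin yes
# constructed: appending "no" later does NOT fix it; sshd keeps the first value
PermitRootLogin no'

# Overly broad (constructed): one password, bill'\''s own, now equals root.
WEAK_SUDOERS='bill ALL=(ALL) NOPASSWD: ALL'
# Restricted (constructed, hypothetical command): bill may run exactly one thing as root.
FIXED_SUDOERS='bill ALL=(root) /usr/bin/systemctl restart nginx'

# effective_permit_root_login CONFIG_TEXT
# Prints the value sshd would apply for PermitRootLogin. sshd keeps the FIRST
# occurrence of a keyword (keywords are case-insensitive; "Keyword=value" is
# also accepted). If the directive is absent we assume the OpenSSH 7.0+
# default, "prohibit-password". Caveat: Match blocks are not evaluated, so
# this is a check of the global setting only.
effective_permit_root_login() {
    printf '%s\n' "$1" | awk '
        { gsub(/=/, " ") }                                   # normalise Keyword=value
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "prohibit-password" }
    '
}

# root_login_risk CONFIG_TEXT -> open | key-only | closed | unknown
root_login_risk() {
    case "$(effective_permit_root_login "$1")" in
        yes)                                                    echo open ;;
        prohibit-password|without-password|forced-commands-only) echo key-only ;;
        no)                                                     echo closed ;;
        *)                                                      echo unknown ;;
    esac
}

# sudoers_grants_full_root USER SUDOERS_TEXT -> yes | no
# Flags a user entry whose command list is the bare "ALL" (with or without a
# NOPASSWD: tag). Caveat: aliases, %group entries and comma-separated command
# lists are not expanded, so "no" means "no direct ALL grant", not "safe".
sudoers_grants_full_root() {
    printf '%s\n' "$2" | awk -v u="$1" '
        $1 == u && $0 ~ /[[:space:]]ALL[[:space:]]*$/ { hit = 1; exit }
        END { print (hit ? "yes" : "no") }
    '
}

# Stand-alone demonstration.
for cfg in WEAK_SSHD FIXED_SSHD TRAP_SSHD; do
    eval "text=\$$cfg"
    echo "$cfg: root login over SSH is $(root_login_risk "$text")"
done
echo "weak sudoers gives bill full root: $(sudoers_grants_full_root bill "$WEAK_SUDOERS")"
echo "fixed sudoers gives bill full root: $(sudoers_grants_full_root bill "$FIXED_SUDOERS")"
```

The TRAP_SSHD sample is the case worth remembering: sshd honours the first PermitRootLogin it sees, so adding "PermitRootLogin no" at the bottom of a file that already says "yes" changes nothing. Check the effective value (sshd -T on the real server prints it) rather than trusting the last line you edited.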
Plus, even if Bob can su to root, they likely will not have the same password so you've just doubled the work of any potential password-guesser.
It's not a MAJOR security problem, it's more good practice and another little blockade in the way of someone getting root.
In some cases, you HAVE to allow root via SSH - dedicated servers in remote locations etc. - but the main point is, if there's no NEED to have root be able to login remotely, then it's safer just to turn off that capability entirely.
In the same way, the firewall on a server will stop any access/attacks on ports you don't want to expose (Samba, NFS etc.) but to also stop any server process running that you DON'T NEED is just an extra line in the defense.
In addition, they would know that the root user exists in the first place. Why should anyone out there know your user account is called carlwill or something? Unless you have that username blatantly advertised, you almost have a conceptual password there too. You will get the same response from the SSH server if a user does not exist, or if a real user has tried to log in with the wrong password. Let's say you have 1,000,000 possible usernames, and you have 1,000,000 possible passwords. Therefore you have 1,000,000,000,000 username/password combinations. That's one BIG dictionary attack....