Why RHEL/CentOS allow root login over SSH as default configuration BTHOOM
/How much manpower is needed to change yes to no? #infosec
@RichFelker I think it's better to sudo though; less potential problems ;)
@khaxan sudo is a strictly larger attack surface than sshd.
@RichFelker I don't mean sudo as an alternative to ssh, I meant ssh then sudo, bc working as root can cause trouble if user is not careful
@khaxan Yes, but just having any suid binaries at all is a big attack surface for local escalation. Using sshd to trans to root avoids them.
@RichFelker Sure, but I think we're seeing this from different perspectives, you as external security and I as principle of least privilege
@khaxan @RichFelker Just use 2 ssh sessions: root and non-root. Instead of sudo, switch to another terminal.