Why RHEL/CentOS allow root login over SSH as default configuration BTHOOM
/How much manpower is needed to change yes to no? #infosec
@khaxan Yes, but just having any suid binaries at all is a big attack surface for local escalation. Using sshd to trans to root avoids them.
@RichFelker Sure, but I think we're seeing this from different perspectives, you as external security and I as principle of least privilege
@khaxan @RichFelker Just use 2 ssh sessions: root and non-root. Instead of sudo, switch to another terminal.
@RichFelker sometimes your biggest problem is a user who issues a careless rm
@khaxan Forced command (in authorized_keys file) can do this elegantly.
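One way to set up the forced command mentioned in the reply above, as an added example that is not from anyone in the thread: a gate script bound to root's key that runs only a fixed allowlist of commands, so a mistyped rm is refused instead of executed. The script path, the key line and the nginx commands are constructed assumptions.

```shell
#!/bin/sh
# Added example: forced-command gate for a root SSH key.
# Hypothetical install path: /usr/local/sbin/root-gate
#
# Constructed entry for /root/.ssh/authorized_keys (key material is a placeholder):
#   command="/usr/local/sbin/root-gate --enforce",restrict ssh-ed25519 AAAA...placeholder ops@example
#
# With "PermitRootLogin forced-commands-only" in sshd_config, root can log in
# only with keys that carry a command="..." option like the one above.

# Decide whether the command the client asked for is permitted.
# Prints the fixed command line to run and returns 0, or returns 1.
# Matching is on the exact string, so "allowed; something-else" never passes.
gate_decision() {
    requested=$1
    case $requested in
        "systemctl restart nginx")    echo "/usr/bin/systemctl restart nginx" ;;
        "systemctl status nginx")     echo "/usr/bin/systemctl status nginx" ;;
        "journalctl -u nginx -n 100") echo "/usr/bin/journalctl -u nginx -n 100" ;;
        *) return 1 ;;
    esac
}

if [ "${1:-}" = "--enforce" ]; then
    # sshd stores what the client requested in SSH_ORIGINAL_COMMAND.
    # An empty value means an interactive shell was requested; that is refused.
    if cmd=$(gate_decision "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -t root-gate "allowed: $cmd" 2>/dev/null || true
        # Word splitting is intentional: cmd is one of the fixed strings above.
        exec $cmd
    fi
    logger -t root-gate "denied: ${SSH_ORIGINAL_COMMAND:-<interactive>}" 2>/dev/null || true
    echo "root-gate: command not permitted" >&2
    exit 1
fi
```
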