PermitRootLogin warning semi true
Hi,
You send an alert email of:
"
SSH direct root logins are permitted. Manually edit /etc/ssh/sshd_config and change PermitRootLogin to "without-password" or "no", then restart SSH in the "Restart SSH" area
"
But if the sshd config contains "PasswordAuthentication no", I guess it is parallel (and even has wider coverage, as it covers all users) to "PermitRootLogin" with a value of "without-password". Hence I believe that if this value exists in the sshd config, this warning is not needed (although it is generally better to give PermitRootLogin a value of "without-password" in parallel, to be on the safe side).
-
Hey hey! This warning does come from the Security Center tool, but the PasswordAuthentication option is completely independent from PermitRootLogin. If PasswordAuthentication is set to no, that just means you have to use a key to access the system, but you can still access as root.
Do you agree that if PasswordAuthentication is set to "no" it means that even root can only log in with a key, hence this warning is not justified?
No, as that is still correct. Even though it's with a key, it is a direct root login.
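
The distinction discussed in this thread, as an added example (not part of the thread and not the Security Center tool's own check): a small Python audit that reads the global section of an sshd_config and reports "root can log in directly" separately from "root can log in with a password". The function names and sample configs are constructed; it assumes OpenSSH 7.0+ defaults and does not follow Include files or evaluate Match blocks.

```python
# Added example: the sample configs below are constructed for illustration.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",  # OpenSSH 7.0+ default
    "passwordauthentication": "yes",
}

def global_settings(config_text):
    """Collect global sshd_config keywords; sshd keeps the FIRST value it sees."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":  # conditional blocks are not evaluated here
            break
        if len(parts) > 1:
            seen.setdefault(keyword, parts[1].strip('"').lower())
    return seen

def root_login_report(config_text):
    cfg = {**DEFAULTS, **global_settings(config_text)}
    prl = cfg["permitrootlogin"]
    if prl == "without-password":  # deprecated alias of prohibit-password
        prl = "prohibit-password"
    return {
        "permit_root_login": prl,
        # Any value other than "no" lets root authenticate directly.
        "direct_root_login": prl != "no",
        # Root can use a password only if both options allow it.
        # (keyboard-interactive/PAM is a separate method, not modelled.)
        "root_password_login": prl == "yes"
        and cfg["passwordauthentication"] == "yes",
    }

# Constructed case from the thread: keys only, PermitRootLogin left at "yes".
KEYS_ONLY = "PasswordAuthentication no\nPermitRootLogin yes\n"
# Constructed case: root login disabled; the later duplicate line is ignored.
NO_ROOT = "# hardened\nPermitRootLogin no\nPermitRootLogin yes\n"

if __name__ == "__main__":
    for name, text in (("keys-only", KEYS_ONLY), ("no-root", NO_ROOT)):
        print(name, root_login_report(text))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source for these two values.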