[Discuss] PSA: no root login for SSH

Daniel Barrett dbarrett at blazemonger.com
Wed Dec 23 12:21:09 EST 2020


On December 22, 2020, Matthew Gillen wrote:
>Seeing as how root has 10 times the hits of the next biggest target,
>if you're not set up with some sort of MFA this is why it can be a
>good idea to set the "PermitRootLogin no" option in your sshd config.

This may be obvious, but... setting "PasswordAuthentication no" is
also a good idea to protect against ALL password-based logins --
root's or otherwise.  If sshd permits only (say) PubkeyAuthentication,
then attackers can't log in unless they have stolen the necessary
private key and decrypted its (hopefully very strong) passphrase.

--
Dan Barrett
dbarrett at blazemonger.com
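
Added example, not part of the original message: a shell check of sshd's effective configuration (as printed by `sshd -T`) against the settings recommended in this thread. The `audit_sshd` name, the sample configs, and the extra `kbdinteractiveauthentication` check are assumptions that go beyond the thread; that check is included because keyboard-interactive authentication through PAM can still prompt for a password when PasswordAuthentication is off.

```shell
#!/bin/sh
# Added example. Reads `sshd -T` style output ("keyword value" lines) on
# stdin and checks it against the settings recommended in the thread.
audit_sshd() {
    awk '
    BEGIN {
        want["permitrootlogin"] = "no"               # from the thread
        want["passwordauthentication"] = "no"        # from the thread
        want["kbdinteractiveauthentication"] = "no"  # added check (assumption)
        want["pubkeyauthentication"] = "yes"         # key logins must stay enabled
        order[1] = "permitrootlogin"; order[2] = "passwordauthentication"
        order[3] = "kbdinteractiveauthentication"; order[4] = "pubkeyauthentication"
        n = 4
    }
    { key = tolower($1); if (key in want) seen[key] = tolower($2) }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in seen)) {
                printf "FAIL %s not reported (want %s)\n", k, want[k]; bad++
            } else if (seen[k] == want[k]) {
                printf "OK   %s %s\n", k, seen[k]
            } else {
                printf "FAIL %s %s (want %s)\n", k, seen[k], want[k]; bad++
            }
        }
        exit (bad > 0)   # non-zero exit status when any setting is off
    }'
}

# Constructed sample: a server that still accepts root and password logins.
sample_weak() {
    printf '%s\n' 'port 22' 'usepam yes' 'permitrootlogin yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication yes' \
        'pubkeyauthentication yes'
}

# Constructed sample: key-only logins, root login disabled.
sample_hardened() {
    printf '%s\n' 'port 22' 'usepam yes' 'permitrootlogin no' \
        'passwordauthentication no' 'kbdinteractiveauthentication no' \
        'pubkeyauthentication yes'
}

# On a real host, run as root: sshd -T | audit_sshd
sample_weak | audit_sshd || true
sample_hardened | audit_sshd || true
```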


