2006/07/24

Disable root login in sshd

People say that root login should be disabled in sshd. From a security point of view, this is totally understandable, as I have seen bad guys connecting to port 22 to try the root password. But if the ssh port number can be hidden or changed to another alien port, it might not be necessary to disable root login.

I myself would like to use root login in an sshd which is not bound to port 22. The reason is that even if a normal user can su to get root access via ssh, the working directory paths are not the same.

These are the working paths of the root account using su:

/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:
/bin:/usr/bin:/usr/X11R6/bin:

and the following are the working paths of the root account by direct login:

/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:
/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:

Of course, the latter provides much more convenience, as I can invoke system commands or utilities only accessible to the root account from any directory path. Unlike the latter, the former requires me to issue the command ./ifconfig after I have changed to /usr/sbin, or I have to use: /usr/sbin/ifconfig
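
The setup discussed above comes down to two sshd_config keywords, Port and PermitRootLogin. The following is an added example, not part of the original post, that reads sshd_config text on stdin and reports the global values of both. The function names audit_sshd_config and sample_config are hypothetical, the sample configuration is constructed, and Match blocks are only checked for a PermitRootLogin override rather than evaluated.

```shell
#!/bin/sh
# Added example (not from the original post). Reads sshd_config text on stdin
# and reports the global Port and PermitRootLogin settings.

# Constructed sample: the setup the post describes (root login, non-22 port).
sample_config() {
cat <<'EOF'
# constructed sample, not a real host
Port 2222
PermitRootLogin yes
permitrootlogin no
PasswordAuthentication yes
EOF
}

audit_sshd_config() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        sub(/^[ \t]+/, "")
        sub(/[ \t]*=[ \t]*/, " ")           # "Port=2222" form is also accepted
        key = tolower($1); val = tolower($2)   # keywords are case-insensitive
        if (key == "match") { in_match = 1; next }
        if (in_match) {                     # conditional block: only note overrides
            if (key == "permitrootlogin" && val != "no") override = 1
            next
        }
        # Port may be given several times; sshd listens on all of them.
        if (key == "port") ports = ports (ports == "" ? "" : ",") val
        # For other keywords sshd keeps the first value it reads.
        if (key == "permitrootlogin" && prl == "") prl = val
    }
    END {
        if (ports == "") ports = "22"       # sshd default port
        if (prl == "no") verdict = "disabled"
        else if (prl == "yes") verdict = "password-allowed"
        else if (prl == "") { prl = "unset"; verdict = "version-default" }
        else verdict = "restricted"         # e.g. prohibit-password
        printf "port=%s permitrootlogin=%s match_override=%s global=%s\n",
               ports, prl, (override ? "yes" : "no"), verdict
    }'
}

# Run against the constructed sample; on a host, feed it /etc/ssh/sshd_config.
sample_config | audit_sshd_config
```

In the sample, the second permitrootlogin line has no effect because the first value read is the one kept, so the report shows root password login still allowed on port 2222.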
