PDA

View Full Version : [ubuntu] OpenSSH security question



usermeister
June 13th, 2008, 03:11 PM
Hi guys.
I am going through Ubuntu server guide. Currently I'm on OpenSSH and reading about it on Ubuntu wiki. This is what I'm curious about...

"The default /etc/ssh/sshd_config which is used with Ubuntu's OpenSSH implementation is more secure than that found in many other distributions of GNU/Linux"
https://help.ubuntu.com/community/AdvancedOpenSSH

Can someone briefly explain to me how is it more secure? I've looked through config file, but I'm not an expert, and I could use this in my school paper about Ubuntu.

kevdog
June 13th, 2008, 05:06 PM
Hmm, that statement seems a little bit misleading. I haven't compared config files between distributions, however compared to the cygwin sshd_config, the files are the same.

hyper_ch
June 13th, 2008, 06:43 PM
au contraire to debian root login is disabled by default... maybe they mean that...

brian_p
June 13th, 2008, 07:22 PM
au contraire to debian root login is disabled by default... maybe they mean that...

Au contraire. PermitRootLogin is set to 'yes'. There is a Readme.Debian explaining why.

hyper_ch
June 13th, 2008, 07:32 PM
oh :) thought ubuntu had set rootlogin to no :)

brian_p
June 13th, 2008, 08:20 PM
oh :) thought ubuntu had set rootlogin to no :)

There is:

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/45416

I also looked at Ubuntu's openssh-server package and the postinst has it as enabled.

kevdog
June 13th, 2008, 08:32 PM
So I guess the answer to the question is that Ubuntu's sshd_config is really no different than the standard default.

usermeister
June 26th, 2008, 12:49 PM
Thank you for your replies. :)