On Wed, 25 May 2016 19:59:11 +0000, Kaz Kylheku wrote:
> On 2016-05-25, Ian Zimmerman <i...@buug.org> wrote:
>> On 2016-05-24 22:40 +0200, Kees Nuyt wrote:
>>
>>> # unrelated, but preferred for secure systems: PermitRootLogin no
>>> AllowGroups <space delimited list of groups you allow>
>>> AllowUsers <space delimited list of users you allow>
>>
>> I'll bite.
>>
>> What's the value of PermitRootLogin=no? Presumably at least some of
>> the allowed users have sudo powers.
>
> PermitRootLogin no is very similar in spirit to what /etc/securetty
> does: prohibiting root login from certain terminals.
>
> The incredible value of this mechanism is that you can have "G0D"
> as a root password, and be sure that no outsiders can (directly)
> log in as root even if they happen to guess it.
network). That allows identification by inspection of the log of what