[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: SSHd

From: "Arthur Pemberton" <pemboa gmail com>
To: "Development discussions related to Fedora Core" <fedora-devel-list redhat com>
Subject: Re: SSHd
Date: Mon, 21 Aug 2006 18:08:29 -0500

I am not qualified to respond to the issue faced with headless
machines as I have never had the need to do such myself (though this
thread makes me want to give it a try) however, on a per user basis, I
think it is safe to say that the majority of users do not utilize this
method of installation, so maybe those who are in the know can devise
a way to have root off by default.

While the bots going around guess most usernames, they will always get
'root' and 'ftp' right on a standard install. At least 'ftp' has the
nologin shell. Both easily allowing weak password, and having root
able to remotely login by default seems to be leaving open a
semi-obvious attack vector that need not be.

Slightly off-topic however, we might consider banning the creation or
remote login of the more commonly attacked usernames (not considering
root as there is the previosly described problem).

Peace.

References:
- Re: SSHd
  - From: Matthew Miller
- Re: SSHd
  - From: seth vidal
- Re: SSHd
  - From: Bill Nottingham
- Re: SSHd
  - From: Matthew Miller
- Re: SSHd
  - From: Bill Nottingham
- Re: SSHd
  - From: Matthew Miller
- Re: SSHd
  - From: Bill Nottingham
- Re: SSHd
  - From: seth vidal
- Re: SSHd
  - From: Jeremy Katz
- Re: SSHd
  - From: Matthias Saou

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]