Root Access

Wolfgang S. Rupprecht wolfgang.rupprecht+gnus200906 at gmail.com
Tue Jun 16 03:55:58 UTC 2009


Michael Fleming <mfleming at thatfleminggent.com> writes:
> - NEVER ssh as root. PermitRootLogin defaults to "no" in OpenSSH for
>   good reason. If your root password is weak and an attacker guesses
>   it, it's game over, your machine is compromised and you're another
>   zombie in someone's botnet. Log in as a regular user and su

I was with you up to this.  The bug is that foolish folks allow unix
passwords for ssh at all.  The attackers have all the time in the world
and the newish admins will likely pick passwords that aren't all that
random even if they think they are clever by substituting the occasional
0 for O or similar.

I have always allowed root access.  Of course only RSA 1k and up
passwords are allowed.  Let's see some attacker guess.  If you don't
share RSA passwords among admins you can still turn off one password
without impacting other admins.  Beats changing the root unix password
where everybody shares it and changing it impacts everyone.

-wolfgang
-- 
Wolfgang S. Rupprecht              Android 1.5 (Cupcake) and Fedora-11
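The setup the post argues for, as an added example that is not part of the original message or of anything Fedora ships: an sshd_config fragment that turns password authentication off entirely and lets root in only with a key, an authorized_keys file holding one key per admin so a single admin's key can be pulled without touching the others, and a check that reads the effective sshd settings. All file names are temporary ones constructed for the demo (on a real host they are /etc/ssh/sshd_config and /root/.ssh/authorized_keys), the key blobs and admin comments are placeholders, and the "weak" config exists only to show the check rejecting it.

```shell
#!/bin/sh
# Added example: key-only root login with individually revocable admin keys.
# Everything under $WORK is constructed for this demo, not taken from a real host.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CFG="$WORK/sshd_config"
WEAK="$WORK/sshd_config.weak"
AK="$WORK/authorized_keys"

# Hardened fragment: no passwords of any kind, root only with a public key.
# "without-password" is the 2009-era spelling; OpenSSH 7.0 and later also
# accept "prohibit-password" and treat the two as the same setting.
cat > "$CFG" <<'EOF'
# constructed sshd_config fragment (demo)
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
EOF

# The setup the quoted reply warns about: root may log in, and because
# PasswordAuthentication is not set at all, sshd's default (yes) applies.
cat > "$WEAK" <<'EOF'
# constructed weak sshd_config fragment (demo)
PermitRootLogin yes
EOF

# One key per admin. The comment field (last column) identifies the admin,
# which is what lets one key be revoked on its own. Blobs are placeholders.
cat > "$AK" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDplaceholderAlice alice@admin-laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDplaceholderBob bob@admin-desktop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDplaceholderCarol carol@admin-workstation
EOF

# Print the effective value of one keyword. sshd keywords are case-insensitive
# and the FIRST occurrence wins, so stop at the first uncommented match.
# Prints nothing when the keyword is absent (the compiled-in default applies).
sshd_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        { k = tolower($1) }
        k == key { print $2; exit }
    ' "$1"
}

# Return 0 only if the config forbids password logins and limits root to keys.
# An absent keyword counts as weak: the defaults for PasswordAuthentication,
# ChallengeResponseAuthentication and (in older OpenSSH) PermitRootLogin are all "yes".
check_sshd_config() {
    cfg=$1
    case $(sshd_value "$cfg" PasswordAuthentication) in
        no) ;;
        *) echo "$cfg: PasswordAuthentication must be no" >&2; return 1 ;;
    esac
    case $(sshd_value "$cfg" ChallengeResponseAuthentication) in
        no) ;;
        *) echo "$cfg: ChallengeResponseAuthentication must be no" >&2; return 1 ;;
    esac
    case $(sshd_value "$cfg" PermitRootLogin) in
        without-password|prohibit-password|no) ;;
        *) echo "$cfg: PermitRootLogin must be without-password (or no)" >&2; return 1 ;;
    esac
    return 0
}

# Drop only the line whose comment field matches one admin; the other admins'
# keys stay valid. The rewrite goes through a temp file so a crash mid-write
# cannot leave a truncated authorized_keys behind.
revoke_key() {
    file=$1; who=$2
    awk -v who="$who" '$NF != who' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Number of keys still authorized.
count_keys() {
    wc -l < "$1" | tr -d ' '
}

# Demo run: validate both configs, then revoke one admin's key.
check_sshd_config "$CFG" && echo "hardened config: ok"
check_sshd_config "$WEAK" || echo "weak config: rejected"
revoke_key "$AK" bob@admin-desktop
echo "keys left after revoking bob: $(count_keys "$AK")"
```

On a real host, run `sshd -t -f /etc/ssh/sshd_config` after editing and restart sshd only once it reports no errors; keep an existing session open while you do, so a mistake does not lock you out. The check deliberately reads the first occurrence of each keyword, because that is what sshd does: a "PasswordAuthentication no" appended at the bottom of a file that already says "yes" higher up changes nothing.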
More information about the fedora-list mailing list