
Re: Root Access



Michael Fleming <mfleming thatfleminggent com> writes:
> - NEVER ssh as root. PermitRootLogin defaults to "no" in OpenSSH for
>   good reason. If your root password is weak and an attacker guesses
>   it, it's game over, your machine is compromised and you're another
>   zombie in someone's botnet. Log in as a regular user and su

I was with you up to this.  The bug is that foolish folks allow unix
passwords for ssh at all.  The attackers have all the time in the world
and the newish admins will likely pick passwords that aren't all that
random even if they think they are clever by substituting the occasional
0 for O or similar.

I have always allowed root access.  Of course only RSA 1k and up
passwords are allowed.  Let's see some attacker guess.  If you don't
share RSA passwords among admins you can still turn off one password
without impacting other admins.  Beats changing the root unix password
where everybody shares it and changing it impacts everyone.

-wolfgang
-- 
Wolfgang S. Rupprecht              Android 1.5 (Cupcake) and Fedora-11
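
Added example, not part of the original post: a Python sketch that audits the setup described in the reply above, where password logins are off and root holds one RSA key per admin. The sample sshd_config, the authorized_keys entries, the admin names and the `make_blob` helper are constructed for illustration; `min_bits` defaults to the post's 1k threshold and is a parameter.

```python
import base64
import struct

def rsa_bits(b64_blob):
    """Modulus size in bits of an ssh-rsa public key blob, or None if not RSA."""
    data, fields = base64.b64decode(b64_blob), []
    while len(data) >= 4:
        (n,) = struct.unpack(">I", data[:4])  # each field is length-prefixed
        fields.append(data[4:4 + n])
        data = data[4 + n:]
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        return None
    return int.from_bytes(fields[2], "big").bit_length()  # fields: type, e, n

def audit_keys(authorized_keys, min_bits=1024):
    """Return (comment, bits, ok) for each ssh-rsa entry, one per admin key."""
    out = []
    for line in authorized_keys.splitlines():
        tok = line.split()
        if "ssh-rsa" not in tok or line.lstrip().startswith("#"):
            continue
        i = tok.index("ssh-rsa")  # key options, if any, come before the type
        bits = rsa_bits(tok[i + 1]) if i + 1 < len(tok) else None
        ok = bits is not None and bits >= min_bits
        out.append((" ".join(tok[i + 2:]) or "(no comment)", bits, ok))
    return out

def password_auth_disabled(sshd_config):
    """True only if the global section explicitly sets PasswordAuthentication no."""
    for line in sshd_config.splitlines():
        parts = line.split("#", 1)[0].split()
        kw = parts[0].lower() if parts else ""
        if kw == "match":
            break  # Match-block overrides are out of scope for this sketch
        if kw == "passwordauthentication":
            return parts[1:] == ["no"]  # sshd keeps the first value it reads
    return False  # unset means the OpenSSH default, which is "yes"

def make_blob(n, e=65537):
    """Constructed test key: right size on the wire, NOT a usable RSA modulus."""
    def s(b): return struct.pack(">I", len(b)) + b
    def mp(x): return s(x.to_bytes(x.bit_length() // 8 + 1, "big"))
    return base64.b64encode(s(b"ssh-rsa") + mp(e) + mp(n)).decode()

SAMPLE_KEYS = "\n".join([  # constructed root authorized_keys, one key per admin
    "ssh-rsa " + make_blob((1 << 2047) | 1) + " alice@example",
    'from="192.0.2.10" ssh-rsa ' + make_blob((1 << 511) | 1) + " bob@example",
])
SAMPLE_CONFIG = "PermitRootLogin yes\nPasswordAuthentication no\n"  # constructed
```

Because each admin has a separate line in root's authorized_keys, deleting the line that `audit_keys` reports for one admin revokes that admin alone.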

