A Topic that needs to be discussed on next the QA meeting..
Michal Jaegermann
michal at harddata.com
Tue Mar 18 15:56:34 UTC 2008
On Tue, Mar 18, 2008 at 04:34:32AM -0700, Andrew Farris wrote:
> Alan Cox wrote:
> >
> >Root isn't the high risk. User accounts and sshd bugs are the high risk.
>
> Well I understand why those are a high risk, but with root at least the
> attacker knows the username, normal usernames is a double blind brute force
> right?
It is enough on a creation of the first user account to drop
"PermitRootLogin without-password" into sshd_config, restart
sshd and root immediately ceases to be "high risk". Other
risks remain but I am not sure if sshd is that prominent on that
list.
Michal
More information about the fedora-test-list
mailing list