James Knott wrote:
Petr Klíma wrote:
John Andersen wrote:
I don't think that is a universally accepted setup. The only risk to root ssh logins is based on ancient flaws and timing attacks in long obsolete versions of ssh.
It has other reason - noone can do successfull dictionary attack on root account when it's not allowed to login as root. You can try to rule out this possibility by using strong password, but it might be wiser to restrict root login from trusted IPs or deny it completely (while using strong root password of course).
Tosuja
There's nothing to stop someone from logging in as a user and the su to root. My firewall is configured to allow only RSA key SSH access. There is no password to guess.
I keep my firewall closed to SSH. Have been meaning to set up SSH to work only with keys, but have not gotten around to that. Regarding RKHunter, on previous installs (and when I run it in cl) it gives a much larger and detailed report. However the lines I posted earlier are the ONLY thing it spits out to daily email. This does not look right to me. Two different email, one that says " Please inspect this machine, because it can be infected", and the other with those 2 dozen or so lines. This is much less than what it should be reporting. I'm running rkh 1.28 on another install (suse 10.0) and it reports much more, like the cl does. I don't understand the difference between the two. Jim F -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org