Mailinglist Archive: opensuse-factory (904 mails)
| < Previous | Next > |
Re: [opensuse-factory] request for comments: disable ssh daemon by default
- From: "Dominique Leuenberger" <Dominique.Leuenberger@xxxxxxxxxxxxx>
- Date: Tue, 01 Apr 2008 10:44:03 +0200
- Message-id: <47F211F3.2554.0029.1@xxxxxxxxxxxxx>
If you have to move hardware around just to change a line in the sshOn Tue, Apr 1, 2008 at 4:45 AM, "Ciro Iriarte" <cyruspy@xxxxxxxxx> wrote:
configuration, it is annoying.
Regarding the regular user, as I stated before, not all servers need
regular users, think about a cyrus imap black-box server... I'm just
giving my impressions...
What stops you from having your own corp wide admin user in this case? and I'd
suggest to name it somewhat non trivial already. root is most likely one of the
most tried login attempts to my ssh daemon. so even though I need root right, I
would never ever allow it to log in directly via SSH.
call me paranoid, but I prefer somebody hacking in a dummy user account and
then having to break a su password in plus. And the log file of failed login
attempts shows me it's not the worst to do... why have them 'only' guess the
password, if I can have them guess user AND password combinations? An
alternative of course would be to rename root.
Dominique
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |