Mailinglist Archive: opensuse-factory (904 mails)

[Vincent Untz <vuntz@xxxxxxxxxx>]

Le mardi 01 avril 2008, à 10:44 +0200, Dominique Leuenberger a écrit :
> > > > On Tue, Apr 1, 2008 at  4:45 AM, "Ciro Iriarte" <cyruspy@xxxxxxxxx> wrote:
> > If you have to move hardware around just to change a line in the ssh
> > configuration, it is annoying.
> >
> > Regarding the regular user, as I stated before, not all servers need
> > regular users, think about a cyrus imap black-box server... I'm just
> > giving my impressions...
>
> What stops you from having your own corp wide admin user in this case? and 
> I'd suggest to name it somewhat non trivial already. root is most likely one 
> of the most tried login attempts to my ssh daemon. so even though I need root 
> right, I would never ever allow it to log in directly via SSH.
>
> call me paranoid, but I prefer somebody hacking in a dummy user account and 
> then having to break a su password in plus. And the log file of failed login 
> attempts shows me it's not the worst to do... why have them 'only' guess the 
> password, if I can have them guess user AND password combinations? An 
> alternative of course would be to rename root.

I agree. Allowing root login via ssh and password authentication at the
same time by default sounds like a "please try some brute force attack"
invitation to me :-)

Vincent

-- 
Les gens heureux ne sont pas pressés.
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx