On Tuesday, 1 April 2008, at 10:44 +0200, Dominique Leuenberger wrote:
> On Tue, Apr 1, 2008 at 4:45 AM, "Ciro Iriarte" wrote:
> > If you have to move hardware around just to change a line in the ssh configuration, it is annoying. Regarding the regular user, as I stated before, not all servers need regular users, think about a cyrus imap black-box server... I'm just giving my impressions...
>
> What stops you from having your own corp-wide admin user in this case? And I'd suggest to name it somewhat non-trivial already. root is most likely one of the most tried login attempts to my ssh daemon. So even though I need root rights, I would never ever allow it to log in directly via SSH.
>
> Call me paranoid, but I prefer somebody hacking in a dummy user account and then having to break a su password in plus. And the log file of failed login attempts shows me it's not the worst to do... why have them 'only' guess the password, if I can have them guess user AND password combinations? An alternative of course would be to rename root.
I agree. Allowing root login via ssh and password authentication at the same time by default sounds like a "please try some brute force attack" invitation to me :-)

Vincent

--
Happy people are not in a hurry.
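
Added example, not part of the original thread or written by any of its participants: a small audit that reports whether an sshd_config enables the combination discussed above, direct root login together with password authentication. The sample configurations are constructed, and the values in DEFAULTS are an assumption (current upstream OpenSSH) that should be adjusted to the build being audited.

```python
import re

# Assumption: values used when a keyword is absent. Current upstream OpenSSH
# defaults are shown; older releases and distro builds may differ, so pass
# your own mapping for the build you are auditing.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

def effective_global(config_text, defaults=DEFAULTS):
    """Effective global settings; sshd keeps the first value it reads."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":
            break                       # conditional blocks are not evaluated
        tokens = parts[1].split() if len(parts) > 1 else []
        value = tokens[0].strip('"').lower() if tokens else ""
        seen.setdefault(key, value)     # first occurrence wins
    return {**defaults, **seen}

def root_password_login(config_text, defaults=DEFAULTS):
    """True when root may log in directly AND password auth is enabled."""
    eff = effective_global(config_text, defaults)
    return (eff["permitrootlogin"] == "yes"
            and eff["passwordauthentication"] == "yes")

# Constructed sample configurations.
WEAK = """\
# permissive combination
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
# the next line is ignored: an earlier value is already set
PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, "root+password login:", root_password_login(text))
```

The check covers only the global section and the two keywords named in the thread; settings inside Match blocks are not evaluated.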