28 May
2007
28 May
'07
09:02
John Andersen wrote:
I don't think that is a universally accepted setup. The only risk to root ssh logins is based on ancient flaws and timing attacks in long obsolete versions of ssh.
It has other reason - noone can do successfull dictionary attack on root account when it's not allowed to login as root. You can try to rule out this possibility by using strong password, but it might be wiser to restrict root login from trusted IPs or deny it completely (while using strong root password of course). Tosuja -- Petr "Tosuja" Klíma Mail: tosuja@tosuja.info Web: www.tosuja.info ICQ: 52057532 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org