On Monday April 24 2006 13:38, Dave Cotton wrote:
On Mon, 2006-04-24 at 14:50 -0200, Alexey Eremenko wrote:
Hi all !
I would like to discuss possibilities to improve default SUSE Linux security.
What can be done to effectively improve it ?
1. For one thing - disable root access via SSH in default config.
as described below, it protects from enemy guesswork: http://geekpit.blogspot.com/2006/04/five-minutes-to-more-secure-ssh.html
Mandrake/Mandriva went down this route, it caused a great deal of problems.
It may seem a good idea at first, but when you're trying to update a lot of machines it's a real PITA.
I always turn it off on all my servers. And I know a lot of admins who do as a course of good security practice. Personally, I'd rather see it turned off by default, then let those that need it go in and turn it on. Personally, I've found there's little I actually need to ssh as root for. I can do everything through su once I'm logged in as my normal user. -- ~R~ ---------------------------------------------------------- Every journalist has a novel in him, which is an excellent place for it.