Michael Fleming <mfleming@xxxxxxxxxxxxxxxxxxx> writes:
> - NEVER ssh as root. PermitRootLogin defaults to "no" in OpenSSH for
>   good reason. If your root password is weak and an attacker guesses
>   it, it's game over, your machine is compromised and you're another
>   zombie in someone's botnet. Log in as a regular user and su

I was with you up to this. The bug is that foolish folks allow unix passwords for ssh at all. The attackers have all the time in the world and the newish admins will likely pick passwords that aren't all that random even if they think they are clever by substituting the occasional 0 for O or similar.

I have always allowed root access. Of course only RSA 1k and up passwords are allowed. Let's see some attacker guess. If you don't share RSA passwords among admins you can still turn off one password without impacting other admins. Beats changing the root unix password where everybody shares it and changing it impacts everyone.

-wolfgang
--
Wolfgang S. Rupprecht
Android 1.5 (Cupcake) and Fedora-11
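
The two setups argued over in this thread (root reachable by a guessable password versus root reachable only by key) can be told apart from `sshd_config` alone. The following is an added example, not part of either post: a small Python check of a config's global section. The default values, sample configs and function names are assumptions made for the illustration.

```python
# Added example, not from the original thread.
# Assumed upstream OpenSSH defaults; a distribution's build may differ.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated keyword that sshd treats as the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective(config_text):
    """Global settings as sshd resolves them: first value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = line.replace("=", " ", 1).split()    # "Key value" or "Key=value"
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # conditional blocks are out of scope here
            break
        seen.setdefault(key, parts[1])
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Report whether password guessing can work at all, and against root."""
    cfg = effective(config_text)
    guessable = "yes" in (cfg["passwordauthentication"],
                          cfg["kbdinteractiveauthentication"])
    root = cfg["permitrootlogin"]
    return {
        "password_guessing_possible": guessable,
        "root_password_guessing_possible": guessable and root == "yes",
        "root_key_login": cfg["pubkeyauthentication"] == "yes" and root != "no",
    }

# Constructed sample configs (not taken from any real host).
PASSWORD_ROOT = "PermitRootLogin yes\nPasswordAuthentication yes\n"
KEY_ONLY_ROOT = """\
PermitRootLogin yes
PasswordAuthentication no
ChallengeResponseAuthentication no   # old spelling of KbdInteractiveAuthentication
PubkeyAuthentication yes
PasswordAuthentication yes           # ignored: an earlier value already won
"""

if __name__ == "__main__":
    for name, text in (("password+root", PASSWORD_ROOT), ("key-only root", KEY_ONLY_ROOT)):
        print(name, audit(text))
```

The check reads only the global section; settings inside `Match` blocks can re-enable passwords for specific users or hosts and need a separate look, for example with `sshd -T`.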