Michael Fleming wrote: > - NEVER ssh as root. PermitRootLogin defaults to "no" in OpenSSH for > good reason. If your root password is weak and an attacker guesses > it, it's game over, your machine is compromised and you're another > zombie in someone's botnet. Log in as a regular user and su A minor nit, but root login is allowed by default in upstream OpenSSH (and in the Fedora packages). I disable that on my systems, which I think it a good practice. But the default allows root logins for a number of reasons, one of which, I believe, is that there may not be any users on the system when it is first installed and an admin may need to ssh in and create them (for those admins that don't have kickstart, cobbler, puppet, and/or some other handy tool(s) for provisioning new systems). >> I think it's very unfortunate that Microsoft has done such a poor >> job of encouraging and allowing users to run with the least >> privilege needed. > > This isn't strictly Microsoft's fault alone. Their engineers have > been aiming to get users to run with the least available rights (and > good users / administrators have tried to do so, with mixed success) > but a combination of laziness on the parts of application > developers, "Enterprise" admins of MS domains and users (who are > subject to and learn bad habits from lazy admins and developers) > often results in users being added to Administrator groups (or just > logging in to the Administrator account) with disasterous results. Well, I don't give MS much slack on this, as it should mostly be their responsibility to make it possible to easily run without administrator privileges. The fact that it's only in the last 10 years or less that that they've even been talking about least user privilege shows how far behind the curve they are. But that's already getting pretty far off-topic for this list and this thread. ;) -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ There are no differences but differences of degree between different degrees of difference and no difference. -- William James, under nitrous oxide; 1882
Attachment:
pgpxikAC6RRk5.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines