Re: Root Access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Michael Fleming <mfleming@xxxxxxxxxxxxxxxxxxx> writes:
> - NEVER ssh as root. PermitRootLogin defaults to "no" in OpenSSH for
>   good reason. If your root password is weak and an attacker guesses
>   it, it's game over, your machine is compromised and you're another
>   zombie in someone's botnet. Log in as a regular user and su

I was with you up to this.  The bug is that foolish folks allow unix
passwords for ssh at all.  The attackers have all the time in the world
and the newish admins will likely pick passwords that aren't all that
random even if they think they are clever by substituting the occasional
0 for O or similar.

I have always allowed root access.  Of course only RSA 1k and up
passwords are allowed.  Let's see some attacker guess.  If you don't
share RSA passwords among admins you can still turn off one password
without impacting other admins.  Beats changing the root unix password
where everybody shares it and changing it impacts everyone.

-wolfgang
-- 
Wolfgang S. Rupprecht              Android 1.5 (Cupcake) and Fedora-11

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux