| From: Tim via users <users@xxxxxxxxxxxxxxxxxxxxxxx> | If any user should need the enforcement of good passwords, it's the | root user. If your PC was on a LAN where crackers can have a go at | you, this could be very important. It does not take long for someone | to mess up a system if they can get in. It's better to be safe than | sorry. To me the obvious thing is to simply pick a better password. | e.g. Just make it two words long instead of one. In my opinion, best practice is to not allow an SSH login to root. So the root password isn't directly relevant in the LAN (or wider internet) case. For internet-exposed boxes, I don't let SSH use password authentication at all, for any user. Boy is there a lot of bogus SSH traffic that tries brute-forcing SSH. I have physical security for most of my boxes (less so for wanderers like notebooks). _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
