Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3/21/07, Nicolas Mailhot <nicolas.mailhot@xxxxxxxxxxx> wrote:
Le mercredi 21 mars 2007 à 20:42 +0100, Thomas M Steenholdt a écrit :
> Alexander Boström wrote:
> >
> >> Lets settle for a default configuration with a good balance between
> >> usability and security. Like perhaps disabling root login or something.
> >
> > Taking over a user account is really almost as bad as root access. The
> > typical desktop user is thoroughly screwed regardless.
> >
>
> I agree that compromising a user account is still bad. But not nearly as
> bad as root access (if one must choose), but if root access through ssh
> is disabled by default, attack scripts would have to *guess* a user to
> bruteforce and can't rely on bruteforcing "root" who exists on every
> *nix system.

attackers *do* brute-force usernames, probably because root is usually
secured but you can hope hitting a user account with no password

install pam_abl. It will profile the attacks for you (for exemple on my
system root is the most attacked user but this is dwarfed by one-shot
dictionary-user tries)

Hence my point of havign root login off by default.

--
Fedora Core 6 and proud

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux