>we also have no data about the prevalence of weak passwords or attacks >on default-configured Fedora systems On my firewall system, /var/log/secure is larger than 300 megabytes (less than one month of data), most of it reports of failed login attempts to root. I am very careful about passwords on this machine. Some of the security companies operate "honeypot" machines, and may have interesting numbers about ssh attacks. Red Hat probably also has data about unwelcome attempts to access its systems. Like some other security issues, it is as much about psychology as it is about code. However elegant the software technology may be, its value is small if users pretermit its use. Aside from the usual problems with strong passwords, the problem I see is that the user who changes the root password does not think about ssh attacks. If some ssh configuration change is needed to permit root login, at least we have some reason to believe the risk has been evaluated. -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
