Alan Cox wrote:
On Tue, Mar 18, 2008 at 01:38:56AM -0700, Andrew Farris wrote:
Well, thats true, but firstboot could disable ssh for root once a user
account is created (unless a checkbox was left enabled or something).. and
you'd still get perfectly acceptable behavior for headless installs.
Root isn't the high risk. User accounts and sshd bugs are the high risk.
Well I understand why those are a high risk, but with root at least the attacker
knows the username, normal usernames is a double blind brute force right? I
know my own system used to see many more root attempts than anything else, and a
typical desktop user of the inexperienced kind is going to have the same root
password and user password. If root is allowed to login remotely its *a risk*
at least.
--
Andrew Farris <lordmorgul@xxxxxxxxx> www.lordmorgul.net
gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3
No one now has, and no one will ever again get, the big picture. - Daniel Geer
---- ----
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
