On Tue, Mar 18, 2008 at 04:34:32AM -0700, Andrew Farris wrote: > Alan Cox wrote: > > > >Root isn't the high risk. User accounts and sshd bugs are the high risk. > > Well I understand why those are a high risk, but with root at least the > attacker knows the username, normal usernames is a double blind brute force > right? It is enough on a creation of the first user account to drop "PermitRootLogin without-password" into sshd_config, restart sshd and root immediately ceases to be "high risk". Other risks remain but I am not sure if sshd is that prominent on that list. Michal -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list