Hi, > today I found that different Linux distributions have various > policies regarding allowing remote root access. For example, > The Redhat/Fedora crowd seems to enable this on default installs, > but the Debian/Ubuntu don't, they recommend sudo. Yes, you can also throw the *BSDs into the mix and get really confused. Everyone has an opinion on the issue. > Suppose I ensure that root has a very strong password, then does > it really matter either way? One school of thought goes like this: Disabling root access altogether makes it impossible for someone who somehow obtains the password to break in - you don't even give the person a chance to hack by brute force, you take it out of his hand entirely. On the other hand, if you have for root password a 97-character string with large and small letters, numbers, special symbols, etc., and want to take your chances, then by all means enable root login. Or if you don't care whether you get pwned or not. SC
