Hi, On Thu, Feb 24, 2011 at 07:25:39AM -0700, Aaron Toponce wrote: > On Thu, Feb 24, 2011 at 10:18:20AM +0100, Klistvud wrote: > > 4. The sshd daemon allows root logins by default. > > Oh brother. The ssh daemon also allows logins via passwords. I assume > you think this is less secure as well, as ssh keys should be the > preferred method. We should also change the port off 22 to something > like 31867, right? > > Security by obscurity my friend. Security by obscurity.
Some time, well thought "security by obscurity" may be a good idea. I do not bother disabling root login but I may put "knockd" to prevent chance of DOS attack or brute force break-ins. > -- > . o . o . o . . o o . . . o . > . . o . o o o . o . o o . . o > o o o . o . . o o o o . o o o -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110224145925.gb17...@debian.org
