On December 22, 2020, Matthew Gillen wrote: >Seeing as how root has 10 times the hits of the next biggest target, >if you're not set up with some sort of MFA this is why it can be a >good idea to set the "PermitRootLogin no" option in your sshd config.
This may be obvious, but... setting "PasswordAuthentication no" is also a good idea to protect against ALL password-based logins -- root's or otherwise. If sshd permits only (say) PubkeyAuthentication, then attackers can't log in unless they have stolen the necessary private key and decrypted its (hopefully very strong) passphrase. -- Dan Barrett [email protected] _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
