On 5/14/08, Ben Calvert <[EMAIL PROTECTED]> wrote:
> On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
> > Are you sure that's a decent analysis? If you have a non-debian system
> > with the full number of keys available, what are the chances that you've
> > landed on one of the 32767 keys? Not very likely. So that analysis seems
> > alarmist and sensational to me.

Because nobody would ever run ssh-keygen on their ubuntu desktop and copy that to authorized_keys on another computer.

> and it only applies if you're using keys _without_passphrase_. on your
> root account.
>
> do people actually allow remote root access ? for more than 5 minutes
> after install?

lots of people. some people even type sudo or su after logging in. not all of them type the full path every time they do so.
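
The case raised in the reply above, a key generated on an affected machine and copied into authorized_keys on another host, can be checked by fingerprinting every authorized_keys entry and comparing it with a list of known-weak fingerprints. This is an added example, not part of the original message; the blocklist of full hex MD5 fingerprints, the function names and the sample lines are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
import struct

# Key type followed by a base64 blob; options may precede it, a comment may follow.
KEY_RE = re.compile(r"(?:^|\s)(ssh-rsa|ssh-dss)\s+([A-Za-z0-9+/]+={0,2})")

def md5_fingerprint(blob):
    return hashlib.md5(blob).hexdigest()  # classic OpenSSH fingerprint, as hex

def extract_key(line):
    """Return (key_type, blob) from one authorized_keys line, or None."""
    if line.lstrip().startswith("#"):
        return None
    for match in KEY_RE.finditer(line):
        key_type, b64 = match.groups()
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # A real blob opens with its length-prefixed type name; this rejects
        # look-alike text inside options such as command="...".
        name = key_type.encode()
        if blob[:4 + len(name)] == struct.pack(">I", len(name)) + name:
            return key_type, blob
    return None

def audit(text, blocklist):
    """Return [(line_no, key_type, fingerprint)] for every key on the blocklist."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        key = extract_key(line)
        if key and md5_fingerprint(key[1]) in blocklist:
            hits.append((line_no, key[0], md5_fingerprint(key[1])))
    return hits

def constructed_line(key_type, filler, options="", comment=""):
    """Build a structurally valid sample line (constructed data, not a real key)."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + filler
    return blob, f"{options}{key_type} {base64.b64encode(blob).decode()} {comment}"

# Constructed sample: the second key stands in for one generated on an affected host.
OK_BLOB, OK_LINE = constructed_line("ssh-dss", b"\x02" * 40, comment="laptop")
WEAK_BLOB, WEAK_LINE = constructed_line(
    "ssh-rsa", b"\x01" * 40, 'command="echo ssh-rsa AAAA",no-pty ', "user's desktop")
SAMPLE = "# constructed sample\n" + OK_LINE + "\n\n" + WEAK_LINE + "\n"
BLOCKLIST = {md5_fingerprint(WEAK_BLOB)}  # placeholder for a real weak-key list

print(audit(SAMPLE, BLOCKLIST))
```

The check is independent of whether the key has a passphrase or which account it authorizes, since it looks only at the public half stored on the server.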