On Fri, 7 Mar 2003, David Busby wrote:

> I'll probably get flamed for this but...
> On my boxes I leave root able to SSH, but I also give root a 12
> char password from a random-char-gen thingy. Makes it hard to
> remember/brute force my passwords so I feel OK. I'm also using the
> latest OpenSSL/OpenSSH so I think my risk of exploit is small. Let the
> flames begin.
>
> /B
>

I prefer to set root to "PermitRootLogin without-password" so you can only log in with a valid key pair. As long as you have a good password on the private key, it makes it hard for anyone to log in. They have to get the private key, and crack the password...

The only disadvantage is that if they do manage to crack your machine, and get your private key, they can crack the password on their machine, instead of over the Internet. Not a real big problem for me, as the machines with the private keys do not accept incoming Internet connections...

Mikkel
--
Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup.
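
A check for the setting described in the reply above, as an added example that is not part of the original message: it reads sshd_config text and reports which PermitRootLogin value applies globally and which values are set inside Match blocks. The function names, the sample config and the `default` argument are assumptions made for this illustration.

```python
import re

# "without-password" is the spelling used in the message; newer OpenSSH
# releases call the same setting "prohibit-password".
ALLOWS = {
    "yes": "password-or-key",
    "without-password": "key-only",
    "prohibit-password": "key-only",
    "forced-commands-only": "key-with-forced-command",
    "no": "denied",
}

def parse_permit_root_login(config_text, default="prohibit-password"):
    """Return (global_value, match_overrides) for PermitRootLogin.

    sshd keeps the first value it reads for a keyword, and everything after
    a Match line applies only to connections matching that block.
    `default` is an assumption: current OpenSSH defaults to
    prohibit-password, older releases defaulted to yes.
    """
    global_value, overrides, match = None, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            match = value                     # criteria of the current block
        elif keyword == "permitrootlogin":
            if match is not None:
                overrides.append((match, value))
            elif global_value is None:        # first occurrence wins
                global_value = value
    return (global_value or default), overrides

def classify(value):
    """Map a PermitRootLogin value to what it allows for root."""
    return ALLOWS.get(value, "unknown")

# Constructed sample config, not taken from any real host.
SAMPLE = """\
# root may only use keys
PermitRootLogin without-password
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""
```

On the sample, the second global line is ignored because the first one wins, while the Match block still re-enables password logins for root from that address range, which is the kind of override worth looking for when auditing a host.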