On Fri, 7 Mar 2003, David Busby wrote:

> I'll probably get flamed for this but...
>    On my boxes I leave root able to SSH, but I also give root a 12
> char password from a random-char-gen thingy.  Makes it hard to
> remember/brute force my passwords so I feel OK.  I'm also using the
> latest OpenSSL/OpenSSH so I think my risk of exploit is small. Let the
> flames begin.
> 
> /B
> 
I prefer to set root to "PermitRootLogin without-password" so you can 
only log in with a valid key pair.  As long as you have a good password 
on the private key, it makes it hard for anyone to log in.  They have to 
get the private key, and crack the password...  The only disadvantage is 
that if they do manage to crack your machine, and get your private key, 
they can crack the password on their machine, instead of over the 
Internet.  Not a real big problem for me, as the machines with the 
private keys do not accept incoming Internet connections...

Mikkel
-- 

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.
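
An added example, not part of the original message: a small audit of an sshd_config for the "PermitRootLogin without-password" setting discussed above, reporting the value sshd would actually use (first occurrence wins, Match blocks override). The function names, the `default` parameter and the sample fragment are assumptions made for this illustration.

```python
import re

# PermitRootLogin values under which sshd refuses a password login for root.
# "prohibit-password" is the newer spelling of "without-password".
NO_ROOT_PASSWORD = {"without-password", "prohibit-password",
                    "forced-commands-only", "no"}
LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample: the second global line looks like it re-enables passwords.
SAMPLE = """\
# constructed sshd_config fragment
PermitRootLogin without-password
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

def permit_root_login(config_text):
    """Return (global_value, overrides) for PermitRootLogin.

    sshd keeps the first value it reads for a keyword, so a later duplicate
    is ignored. Lines after a Match line apply only to that block and are
    returned separately as (criteria, value) pairs.
    """
    global_value, overrides, match, block_set = None, [], None, False
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if raw.lstrip().startswith("#") or not m or not m.group(2).strip():
            continue
        keyword, arg = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            match, block_set = arg, False
        elif keyword == "permitrootlogin":
            value = arg.split()[0].strip('"').lower()
            if match is None:
                global_value = global_value or value
            elif not block_set:
                block_set = True
                overrides.append((match, value))
    return global_value, overrides

def root_password_possible(config_text, default="yes"):
    """True if the global setting or any Match block allows a root password.

    `default` is what sshd uses when the keyword is absent; it differs
    between releases, so pass the value for the release being audited.
    """
    global_value, overrides = permit_root_login(config_text)
    values = [global_value or default] + [v for _, v in overrides]
    return any(v not in NO_ROOT_PASSWORD for v in values)
```

On the sample, the duplicate global line is harmless because the first value wins, but the Match block still leaves root password logins open for that address range.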


