bruce <badouglas@gma il.com> writes: > You then mod SSH as required to disable root login > OK, what else should you do?
Root login isn't a bad idea in and of itself. More important is to not allow anything but public key logins (eg. ECDSA, RSA). For people logging in with root credentials, give everyone a different public key and keep a secure copy of /var/log/secure on a secure system for backtracking breakins. Each login (including root) will show which key was used to log in. You can easily see who lost control of their key. I'm a firm believer in never allowing passwords logins over the net. Users will hardly ever use random-letter-upper-lower-number passwords. They always think they are oh so clever with easily guessed strung together words, with or without a punctuation char. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
