F22 System Wide Change: Set sshd(8) PermitRootLogin=no

P J P pj.pandit at yahoo.co.in
Tue Jan 13 05:17:02 UTC 2015


On Tuesday, 13 January 2015 1:10 AM, Stephen John Smoogen wrote:
>Sorry if I am misunderstanding but the feature is to address brute
>forcing the root account so that they do not get root access to the server.

  Right.

>I am saying that this isn't a speed-bump because they are already trying
>to brute force all the accounts on the system and so if they get one,
>they will become root as they already have the password for the account.
>Thus I do not see how it solves the first problem. 

  Well, it prevents the direct brute-forcing of root accounts. The feature
does not address brute forcing of the non-root accounts and its further
implications. Secondly, usage of ssh keys for remote 'root' access,
with 'PermitRootLogin=without-password' would provide better returns in
the long term.

>I do not disagree. I just think that the sophistication of the malware
>robots is high enough that saying the above does not help hardening
>without further changes. [Adding a password creation tool to anaconda
>and gnome-first-boot to help people create 'stronger' passwords would
>seem to do more in hardening.]

  They already have that, no? When you set a password, it shows a bar
meant to indicate password strength, IIRC.
---
Regards
   -Prasad
http://feedmug.com
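As an added example (not from this thread or from the Fedora change proposal), a small POSIX shell audit that reports the effective global PermitRootLogin value of an sshd_config-style file and classifies it the way the thread does: password root login allowed, key-only root login, or no root login. It assumes sshd's first-match rule for keywords outside Match blocks, case-insensitive keywords, `keyword value` or `keyword=value` syntax, and the old default of `yes` when the keyword is absent.

```shell
#!/bin/sh
# Added example, not from the thread: audit the global PermitRootLogin
# setting in an sshd_config-style file. Assumptions: sshd honours the FIRST
# match for a keyword outside any Match block, keywords are case-insensitive,
# '#' starts a comment, and "keyword value" or "keyword=value" are both
# accepted. Default when unset is assumed "yes" (OpenSSH's default when this
# thread was written; newer releases default to prohibit-password).

# Print the effective global PermitRootLogin value of the file given as $1.
permit_root_login() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }        # drop comments, normalise "="
        NF == 0 { next }                          # skip blank lines
        tolower($1) == "match" { inmatch = 1; next }
        inmatch { next }                          # per-client overrides ignored
        tolower($1) == "permitrootlogin" && !found { val = tolower($2); found = 1 }
        END { print (found ? val : "yes") }
    ' "$1"
}

# Print "password" if root may log in with a password, "key-only" if only
# key-based root logins are possible, "none" if root cannot log in at all.
root_login_mode() {
    case "$(permit_root_login "$1")" in
        yes)                                                    echo password ;;
        without-password|prohibit-password|forced-commands-only)
                                                                echo key-only ;;
        no)                                                     echo none ;;
        *)                                                      echo unknown ;;
    esac
}

# Demo with constructed configs (not any real host's files).
demo() {
    dir=$(mktemp -d)
    # Weak: the keyword is only in a comment, so the old default "yes" applies.
    printf '%s\n' 'Port 22' '#PermitRootLogin no' > "$dir/weak"
    # Hardened: first match wins; the later "yes" and the Match block are ignored.
    printf '%s\n' 'PermitRootLogin=without-password' 'PermitRootLogin yes' \
        'Match Address 10.0.0.0/8' '    PermitRootLogin yes' > "$dir/hardened"
    for f in weak hardened; do
        printf '%s: PermitRootLogin=%s (%s)\n' "$f" \
            "$(permit_root_login "$dir/$f")" "$(root_login_mode "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```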