F22 System Wide Change: Set sshd(8) PermitRootLogin=no

P J P pj.pandit at yahoo.co.in
Mon Jan 12 11:45:25 UTC 2015


   Hello Milan,

> On Monday, 12 January 2015 3:11 PM, Milan Keršláger wrote:
> No, this is not a good idea as I wrote a few minutes ago because it does not
> improve security, it just provides a feeling of better security, see:
> https://en.wikipedia.org/wiki/Security_through_obscurity

  I disagree. First of all, there is no _obscurity_ in it. Obscurity would have been if we just changed the name of the 'root' user to something else, say Admin/Superuser/Batman etc.

This feature _restricts_ remote root access to a machine. It is a preventive measure, just like having SELinux or a firewall or disabling services which are not used. Look at it as being analogous to two-factor authentication. It involves two steps to gain remote root access to a machine, instead of one. This preventive measure can thwart real brute force attacks, which is a net gain in terms of safety to users.


> Disabling root login does not solve the problem and it provides only


  Which problem? It seems you have a different understanding of its purpose.

On Monday, 12 January 2015 4:18 PM, Francisco Alonso wrote:
> That's not security through obscurity. It's a way to limit
> the exposure to a brute force attack with a privileged account.
> Also this allows the user to use a different account so remote
> attacks that user is unknown and cannot be used to brute
> force delimiting more exposure.

  Exactly!


Thank you.
---
Regards
   -Prasad
http://feedmug.com
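
Added example, not part of the original message or of any Fedora tooling: a small audit of an sshd_config-style file for the PermitRootLogin setting this thread is about, covering sshd's first-value-wins rule and Match blocks that re-enable root login. The function name and the sample configuration are constructed for illustration; Include directives are not followed.

```sh
#!/bin/sh
# Added example (not from the original thread): audit an sshd_config-style
# file for the PermitRootLogin setting discussed above.
# Assumptions: Include directives are not followed, quoted values are not
# unquoted; on a live host `sshd -T` prints the configuration sshd really uses.

# audit_permit_root_login FILE
# Prints "global=<value|unset> match_overrides=<n>" and returns 0 only when
# the global value is "no" and no Match block sets another value.
audit_permit_root_login() {
    awk '
        { gsub(/^[ \t]+|[ \t]+$/, "") }        # trim the line
        $0 == "" || /^#/ { next }              # skip blanks and comments
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)    # accept "Keyword=value" too
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                # keywords are case-insensitive
        }
        key == "match" { in_match = 1; next }
        key != "permitrootlogin" { next }
        # sshd uses the first value it obtains for a keyword, so a later
        # global "PermitRootLogin yes" does not undo an earlier "no".
        !in_match && glob_val == "" { glob_val = f[2] }
        in_match && f[2] != "no" { overrides++ }
        END {
            if (glob_val == "") glob_val = "unset"
            printf "global=%s match_overrides=%d\n", glob_val, overrides
            exit !(glob_val == "no" && overrides == 0)
        }
    ' "$1"
}

# Constructed sample configuration (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sshd_config (constructed)
Port 22
PermitRootLogin=no
permitrootlogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
if audit_permit_root_login "$sample"; then
    echo "OK: direct root login is refused everywhere"
else
    echo "REVIEW: root login is still reachable"
fi
rm -f "$sample"
```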

