F22 System Wide Change: Set sshd(8) PermitRootLogin=no
Przemek Klosowski
przemek.klosowski at nist.gov
Mon Jan 12 14:46:26 UTC 2015
On 01/12/2015 08:05 AM, P J P wrote:
> Again, issue being addressed is not of brute force attacks. But that
> of such attacks resulting in gaining 'root' access to remote machines.
> They are two distinct issues.
There still needs to be an administrative access to the system, and the
most common implementation by enabling 'sudo' on the non-privileged
account. So, in a sense you are both right: this feature is just a small
step rather than a security panaceum, but it does bring real
improvements in several areas:
- increases difficulty of the attack by banning stupid automated BF
attacks on root
- improves accountability for administrative actions (we know which
admin messed up :)
- allows more granularity in granting elevated privileges across a set
of machines and admins
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150112/51ce7479/attachment.html>
More information about the devel
mailing list