Message-ID: <4174E5B6.6070806@amazinginternet.com>
From: ronny.adsetts at amazinginternet.com (Ronny Adsetts)
Subject: Re: Re: Any update on SSH brute force attempts?

Barrie Dempster said at 18/10/2004 15:39:
> On Mon, 2004-10-18 at 14:01 +0100, Dave Ewart wrote:
> 
>>Well yes, that's fair enough - however, allowing direct root access does
>>make certain things more straightforward, automated use of 'scp' etc.
> 
> Yeh, but there's only a select few people crazy enough to scp files into
> places that require root access.
> 
> People that fall into the more sane side of security use less error
> prone methods of updating configurations (which is what I'm guessing
> you're using scp here for). There are very few valid reasons to have
> direct remote root access (so few I can't currently think of a one).
> Remote admin tasks can be carried out by means other than logging in
> directly as root.

How about where you have no local users except root - all other users are via 
LDAP or similar - and some catastrophe takes out your user DB? Allowing root 
ssh login will at least get you access to the box.

Allowing root ssh access but setting policy on its use seems a better option 
to me. And running jack the ripper on your password hashes of course.

Ronny
-- 
Technical Director
Amazing Internet Ltd, London
t: +44 20 8607 9535
f: +44 20 8607 9536
w: www.amazinginternet.com

