sshd
Peter Garrett
peter.garrett at optusnet.com.au
Thu Jun 22 00:28:40 UTC 2006
On Wed, 21 Jun 2006 16:37:24 +0100
"Dick Davies" <rasputnik at gmail.com> wrote:
[snip]
> with ubuntu, it doesn't matter whether PermitRootLogin is enabled
> or not. People can *still* bruteforce a password over ssh and get root access,
> as your normal user password is enough for sudo to let them destroy your
> box.
True - of course, first they have to guess/know/brute-force your user name,
whereas to get root they already know the name without needing any
information
- i.e. "root".
Still, a good argument for ensuring that your user password is a tough one
to crack.
Peter
More information about the ubuntu-users
mailing list