kentborg at borg.org
Wed Jan 14 16:35:26 UTC 2009
Mark Haney wrote:
> However, if you don't allow root login via ssh the chance of an
> attacker getting in is ZERO.
Let me get this straight. You see a real difference between, say,
0.000000000000 and 0.000000000001? (What color is your car??)
Other machines of mine do not have a root login. OK, so on those
machines crack my personal account (also not going to happen by brute
force) and sudo your way to root. Same destination. Same amount of work.
Whether script kiddies have something to bang against isn't going to
matter: A brute force attack is not going to work. Moving sshd is not
going to increase security*, and the extent to which anyone believes
otherwise is also the extent to which s/he is being distracted from real
issues. (Of which there are plenty.) There are FAR easier ways to break
into my machines than brute force login attempts.
-kb, the Kent who not going to paint his car silver on the front half
and black on the back half as a way to improve mileage.
* Except in the case of a machine with a terrible password, in which
case it is the *wrong* fix. Get a good password, and keep it secret.
(Both radical suggestions for most people.)
More information about the ubuntu-users