SSH hacked?

Derek Broughton derek at pointerstop.ca
Wed Jan 14 18:32:03 UTC 2009


Mark Haney wrote:

> Anthony M. Rasat wrote:
>> Mark Haney wrote:
>>> However, if you don't allow root login via ssh the chance of an attacker
>>> getting in is ZERO.
>> 
>> If somebody is willing to pay a babe getting inside my pants in exchange
>> for a root password, I'd be happy to give two passwords.
>> 
>> I think this is what security experts call social engineering. Far
>> easier and faster too. And the chance of success is definitely higher
>> than ZERO. Unless (chuckles) it was a wrong bait.
>> 
> 
> Nope, this sad attempt at humor does not apply to what I said. I said
> 'allow root login VIA SSH'.  I didn't say anything about getting the
> root password in any other method.  Please RTFP before replying if you
> have nothing constructive to add to it.

Oh, don't be so humorless.  He has a good point (and _I_ thought it was 
funny).
 
Now, if Anthony hadn't broken the References chain, I could see exactly what 
you wrote, but since he did, I'll just have to go on that one line quoted 
out of context - in which case I can't quite see how the chance of an 
attacker getting into your system via ssh whether or not you permit root 
logins is zero.  A hacker might always find my admin username, log in via 
that, and then do anything he wants via sudo.  I could prevent my admin user 
logging in via ssh, too - but then it would mean I'd need physical access to 
do maintenance.  Not the best of ideas, imo.
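
Added example, not part of the original post: a Python check for the point made in the message above, that turning off root login over SSH still leaves sudo-capable accounts reachable. The sample config, the account names and the assumption that the `admin` and `sudo` groups are granted sudo in /etc/sudoers are constructed for illustration; only `PermitRootLogin`, `AllowUsers` and `DenyUsers` in the global section are evaluated.

```python
import re

# Constructed sample inputs; user and group names are made up for the example.
SSHD_CONFIG = """\
PermitRootLogin no
DenyUsers backup
AllowUsers derek deploy* backup
"""
GROUP_FILE = """\
admin:x:115:derek,ops
users:x:100:deploy1,backup
"""

def parse_sshd(text):
    """Global-section settings only; parsing stops at the first Match block."""
    cfg = {"permitrootlogin": None, "allowusers": [], "denyusers": []}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break
        if key == "permitrootlogin" and args and cfg[key] is None:
            cfg[key] = args[0].lower()      # sshd uses the first value it reads
        elif key in ("allowusers", "denyusers"):
            cfg[key] += args                # list options accumulate
    return cfg

def matches(user, patterns):
    """sshd-style '*' and '?' wildcards; USER@HOST and '!' forms not handled."""
    rx = lambda p: re.escape(p).replace(r"\*", ".*").replace(r"\?", ".")
    return any(re.fullmatch(rx(p), user) for p in patterns)

def ssh_allowed(user, cfg):
    if user == "root" and cfg["permitrootlogin"] == "no":
        return False
    if matches(user, cfg["denyusers"]):     # DenyUsers is checked before AllowUsers
        return False
    return not cfg["allowusers"] or matches(user, cfg["allowusers"])

def root_equivalent_ssh_users(sshd_text, group_text, sudo_groups=("admin", "sudo")):
    """root plus members of the assumed sudo groups that sshd would still admit."""
    cfg, candidates = parse_sshd(sshd_text), {"root"}
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] in sudo_groups:
            candidates.update(m for m in fields[3].split(",") if m)
    return sorted(u for u in candidates if ssh_allowed(u, cfg))
```

With the constructed inputs, `root_equivalent_ssh_users(SSHD_CONFIG, GROUP_FILE)` still returns one account even though root login is disabled.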




