derek at pointerstop.ca
Wed Jan 14 18:32:03 UTC 2009
Mark Haney wrote:
> Anthony M. Rasat wrote:
>> Mark Haney wrote:
>>> However, if you don't allow root login via ssh the chance of an attacker
>> getting in is ZERO.
>> If somebody willing to pay a babe getting inside my pants in exchange of
>> a root password, I'd be happy to give two passwords.
>> I think this is what security experts called social engineering. Far more
>> easier and faster too. And the chance of success is definitely higher
>> than ZERO. Unless (chuckles) it was a wrong bait.
> Nope, this sad attempt at humor does not apply to what I said. I said
> 'allow root login VIA SSH'. I didn't say anything about getting the
> root password in any other method. Please RTFP before replying if you
> have nothing constructive to add to it.
Oh, don't be so humorless. He has a good point (and _I_ thought it was
Now, if Anthony hadn't broken the References chain, I could see exactly what
you wrote, but since he did, I'll just have to go on that one line quoted
out of context - in which case I can't quite see how the chance of an
attacker getting into your system via ssh whether or not you permit root
logins is zero. A hacker might always find my admin username, login via
that, and then do anything he wants via sudo. I could prevent my admin user
logging in via ssh, too - but then it would mean I'd need physical access to
do maintenance. Not the best of ideas, imo.
More information about the ubuntu-users