On Tue, Dec 07, 2004 at 02:19:19PM -0600, rpgoldman at real-time.com wrote: > > I'm no expert on PuTTy use, so I'm shutting up about that. But, > absolutely AS SOON AS POSSIBLE, shut off remote root access through > SSH! Once you've got a user account working, you'll be able to log in > as a user and su to root for anything rootish you need to do. > > If you don't do this, the next time there's an sshd hole, your machine > will be toast.... What kind of crack are you smoking? There is no good reason to turn off remote root logins, beyond an extra password to type. If they snarfed *YOUR* password from somewhere they can probably snarf your root password as well when you su -. A lot of people who turn off remote root also setup sudo so they don't have to type the root password, making it moot to begin with. A bug in ssh isn't going to magicly say 'oh, but they have allowrootlogin turned off, i guess i won't be vulnerable today!' -- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203 _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list