>>>>> "Matthew" == Matthew S Hallacy <poptix at poptix.net> writes: Matthew> On Tue, Dec 07, 2004 at 02:19:19PM -0600, rpgoldman at real-time.com wrote: >> >> I'm no expert on PuTTy use, so I'm shutting up about that. But, >> absolutely AS SOON AS POSSIBLE, shut off remote root access through >> SSH! Once you've got a user account working, you'll be able to log in >> as a user and su to root for anything rootish you need to do. >> >> If you don't do this, the next time there's an sshd hole, your machine >> will be toast.... Matthew> What kind of crack are you smoking? There is no good Matthew> reason to turn off remote root logins, beyond an extra Matthew> password to type. If they snarfed *YOUR* password from Matthew> somewhere they can probably snarf your root password as Matthew> well when you su -. A lot of people who turn off remote Matthew> root also setup sudo so they don't have to type the root Matthew> password, making it moot to begin with. Well, if I'm smoking crack, I'm not the only one. From "Securing and Optimizing Linux: RedHat Edition -A Hands on Guide": PermitRootLogin no The option PermitRootLogin specifies whether root can log in using ssh. Never say yes to this option. Matthew> A bug in ssh isn't going to magicly say 'oh, but they Matthew> have allowrootlogin turned off, i guess i won't be Matthew> vulnerable today!' Huh? Well here's at least one reason: all those bots that try repeatedly to do root login over ssh aren't going to get anywhere... The internet storm center reports endemic ssh scans out in the wild. anything I can do to make this harder for them (including a little crack) is fine with me... R _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list