
Re: Why Disable Root ssh login?



On Fri, Dec 15, 2006 at 02:35:50PM +0100, Olive wrote:
> 
> >Because, to login from outside you will need to guess a valid username
> >and the corresponding password. After that the root password will have
> >to be guessed locally which would leave a fat trace in the logs. In
> >addition, most of the bots around try to guess the root password and do
> >not spend a lot of time for normal accounts. 
> >
> >Now, if you always have strong password, this should not matter. But
> >there is still the risk that your password looks like an obfuscated and
> >misspelled version of a foreign word which you have no clue about but a
> >lucky bot operator will try. You could also have your password leaked for
> >a stupid reason. In which case requiring a su/sudo will put a name on
> >the perpetrator...
> >
> >It is just my opinion on it but I hope it helps. 
> 
> This answer isn't entirely convincing. For example if you can sudo with 
> the normal password account, I don't see any difference in security in 
> allowing root ssh or not. The logs are useful as long as the offender 
> did not succeed to have root access, after that it is very easy for the 
> offender to clear the logs.
> 
Hi Olive,
Security is a process. Each step adds just a little more. With any effort,
it takes 10x as much work to get to a better level of
(uptime|security|unbugginess). If you want more security, add SELinux,
remote logging, separate hard drives, password encrypted volumes, etc.
The only thing you need is time, money and motivation to do it all.
Cheers,
Kev
-- 
|  .''`.  == Debian GNU/Linux == |       my web site:       |
| : :' :      The  Universal     | debian.home.pipeline.com |
| `. `'      Operating System    | go to counter.li.org and |
|   `-    http://www.debian.org/ |    be counted! #238656   |
|     my keysever: pgp.mit.edu   |     my NPO: cfsg.org     |
