
Re: authentication failure



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrei Popescu wrote:
> BTW, IM*VERY*HO I'm not entirely convinced the maintainer is right, but
> who asks me? :)

I agree with you. His main argument seems to be that an ordinary user
has access to root anyway, so why prevent direct access to root? Well,
for one thing, setting PermitRootLogin to 'no' means the attacker will
have to break two passwords, not one. Passwords are like locks: you can
never keep a determined attacker out, all you can hope to do is slow
them down until you can get the authorities to the scene. Mind you, I
have no idea how long it takes these days to break a password through
brute force or a dictionary attack; if it's measured in seconds, then I
guess the extra layer is a moot point.

He did say there was a lot more discussion around the issue. It may be
worth asking him if the discussion has been archived somewhere.

- --
Jim Hyslop
Dreampossible: Better software. Simply.     http://www.dreampossible.ca
                 Consulting * Mentoring * Training in
    C/C++ * OOD * SW Development & Practices * Version Management
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFF+MGuLdDyDwyJw+MRAvkwAKD7ywt610Yi1gdRlEOgkeCivIrqIgCZAQL4
rLYHNAejKuWHo0dsOB6hO/M=
=L25C
-----END PGP SIGNATURE-----
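An added example, not part of the original message: a small audit helper for the PermitRootLogin setting discussed above. It reports the global value sshd would use (sshd keeps the first value it reads for a keyword) and any conditional values set inside Match blocks. The function names, the `default` parameter and the sample configuration are assumptions made for illustration; Include files and quoted values are not handled.

```python
import re

def effective_permit_root_login(config_text, default="prohibit-password"):
    """Return (global_value, match_overrides) for PermitRootLogin.

    sshd uses the first value it obtains for a keyword, so a later
    'PermitRootLogin no' does not override an earlier 'yes'.
    `default` is an assumption: the compiled-in default depends on the
    OpenSSH version, so pass the one that applies to the audited host.
    """
    global_value = None
    match_overrides = []   # (match criteria, value) pairs, in file order
    current_match = None   # criteria of the Match block we are inside, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current_match = value
        elif keyword == "permitrootlogin":
            if current_match is not None:
                match_overrides.append((current_match, value.lower()))
            elif global_value is None:
                global_value = value.lower()
    return (global_value or default), match_overrides

def root_password_login_possible(config_text, default="prohibit-password"):
    """True if root can log in with a password globally or in any Match block."""
    global_value, overrides = effective_permit_root_login(config_text, default)
    return global_value == "yes" or any(v == "yes" for _, v in overrides)

# Constructed sample configuration (not taken from the thread).
SAMPLE = """\
Port 22
PermitRootLogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

if __name__ == "__main__":
    print(effective_permit_root_login(SAMPLE))
    print(root_password_login_possible(SAMPLE))
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves and is the authoritative check; this parser is for reviewing a file offline.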


