From: Jim Hyslop <jhyslop@dreampossible.ca>
To: debian-user@lists.debian.org
Subject: Re: authentication failure
Date: Wed, 14 Mar 2007 23:46:54 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrei Popescu wrote:
> BTW, IM*VERY*HO I'm not entirely convinced the maintainer is right, but
> who asks me? :)
I agree with you. His main argument seems to be that an ordinary user
has access to root anyway, so why prevent direct access to root? Well,
for one thing, setting PermitRootLogin to 'no' means the attacker will
have to break two passwords, not one. Passwords are like locks: you can
never keep a determined attacker out, all you can hope to do is slow
them down until you can get the authorities to the scene. Mind you, I
have no idea how long it takes these days to break a password through
brute force or a dictionary attack; if it's measured in seconds, then I
guess the extra layer is a moot point.
He did say there was a lot more discussion around the issue. It may be
worth asking him if the discussion has been archived somewhere.
- --
Jim Hyslop
Dreampossible: Better software. Simply. http://www.dreampossible.ca
Consulting * Mentoring * Training in
C/C++ * OOD * SW Development & Practices * Version Management
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFF+MGuLdDyDwyJw+MRAvkwAKD7ywt610Yi1gdRlEOgkeCivIrqIgCZAQL4
rLYHNAejKuWHo0dsOB6hO/M=
=L25C
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact