Re: Things I Don't Understand About Debian

To: debian-user@lists.debian.org
Subject: Re: Things I Don't Understand About Debian
From: Osamu Aoki <osamu@debian.org>
Date: Thu, 24 Feb 2011 23:59:26 +0900
Message-id: <[🔎] 20110224145925.GB17571@debian.org>
In-reply-to: <[🔎] 20110224142539.GF17846@poseidon.cocyt.us>
References: <[🔎] AANLkTi=X5zHBuqRV41Sf5x-qra3SiUzGB+jiCrcOatmx@mail.gmail.com> <[🔎] 1298539100.4085.1@compax> <[🔎] 20110224142539.GF17846@poseidon.cocyt.us>

Hi,

On Thu, Feb 24, 2011 at 07:25:39AM -0700, Aaron Toponce wrote:
> On Thu, Feb 24, 2011 at 10:18:20AM +0100, Klistvud wrote:
> > 4. The sshd daemon allows root logins by default.
> 
> Oh brother. The ssh daemon also allows logins via passwords. I assume
> you think this is less secure as well, as ssh keys should be the
> preferred method. We should also change the port off 22 to something
> like 31867, right?
> 
> Security by obscurity my friend. Security by obscurity.

Some time, well thought "security by obscurity" may be a good idea.  

I do not bother disabling root login but I may put "knockd" to prevent
chance of DOS attack or brute force break-ins.


> -- 
> . o .   o . o   . . o   o . .   . o .
> . . o   . o o   o . o   . o o   . . o
> o o o   . o .   . o o   o o .   o o o

Reply to:

References:
- Things I Don't Understand About Debian
  - From: Carlos Mennens <carloswill@gmail.com>
- Re: Things I Don't Understand About Debian
  - From: Klistvud <quotations@aliceadsl.fr>
- Re: Things I Don't Understand About Debian
  - From: Aaron Toponce <aaron.toponce@gmail.com>

Prev by Date: Re: unsuscribe
Next by Date: Can't umount smb share because of nepomukse
Previous by thread: Re: Things I Don't Understand About Debian
Next by thread: Re: Things I Don't Understand About Debian
Index(es):
- Date
- Thread