
Re: Things I Don't Understand About Debian



On Thu, 24 Feb 11, 17:21:51, Sjoerd Hardeman wrote:
> >
> >Security by obscurity my friend. Security by obscurity.
> No, it is not. When root logins are allowed, you only need to know
> one password. When root-logins are not allowed, you need to know two
> passwords *and* a user name.

The username is much more vulnerable to a dictionary attack than a 
password; I wouldn't consider that a real protection.

Also, as soon as the account used to gain root privileges is compromised 
you should assume the root password is compromised as well (hint: are 
you *always* using su/sudo with the full path?).

I'm considering switching all the remote hosts I administer to 
'without-password', because this way I can just lock the password for 
the user and never worry about changing it. The only trouble is that I 
would need two ssh connections if I have non-root things to do on the 
machine (now I'm using one connection + screen).

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
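
Added example, not part of the original message: a shell check for the setup described above, reporting the PermitRootLogin value sshd takes from a config file and whether an account's password is locked in a shadow-format file. The function names and the file arguments are assumptions of this example; run it on copies of the files.

```shell
#!/bin/sh
# Added example: audit the two settings the message relies on.
# Assumes "Keyword value" lines separated by whitespace.

# Print the PermitRootLogin value from the global section of an sshd_config
# file. sshd uses the first value it obtains for a keyword, keywords are
# case-insensitive, and everything after the first Match line is conditional.
root_login_setting() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed if the account's hash field in a shadow-format file starts with
# "!" or "*", so that no typed password can match it (passwd -l prepends "!").
# An empty field is NOT locked: it means no password is required.
password_locked() {
    awk -F: -v u="$2" '
        $1 == u { hit = 1; if ($2 ~ /^[!*]/) ok = 1 }
        END { exit !(hit && ok) }
    ' "$1"
}

# $1 = sshd_config, $2 = shadow file, $3 = account (default root)
audit_root_access() {
    setting=$(root_login_setting "$1")
    case "$setting" in
        no|without-password|prohibit-password|forced-commands-only)
            ssh_password=no ;;
        *)  # "yes", or unset: the default depends on the OpenSSH version,
            # so assume password login for root is possible
            ssh_password=yes ;;
    esac
    if password_locked "$2" "${3:-root}"; then locked=yes; else locked=no; fi
    echo "setting=$setting ssh_password=$ssh_password locked=$locked"
}

# Stand-alone use: ./audit.sh sshd_config.copy shadow.copy [account]
if [ $# -ge 2 ]; then
    audit_root_access "$1" "$2" "${3:-root}"
fi
```

On a live host, `sshd -T` prints the configuration sshd actually resolves, including included files, which this file-based check does not follow.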
