[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to gain control over the system?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Jul 16, 2017 at 09:42:46AM -0400, RavenLX wrote:

[...]

> I use a laptop but I've never needed to ssh into a laptop computer.
> Also, if you want to set up ssh, add ssh client and set up your user
> (sudo enabled) account and random obscure port in sshd config. Be
> sure to set it up so that it uses a key pair. Then you still won't
> need root over ssh.

I must have been unclear. I think I explicitly discouraged from
allowing root login via SSH (this is the general recommendation
out there anyway).

The *only* case a root account (with password) may help is a
busted boot (e.g. by a root FS file system check dropping into
an interactive root session, among other things). There, you
need a root password (or alternatively, a rescue medium, if
you have one handy). And in this case (root login with password
restricted to physical presence) there is no security downside,
in the "normal" case (i.e. laptop or workstation). A kiosk
or (physically remote) server is a different story, though.

Cheers
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAllrer8ACgkQBcgs9XrR2kY5ZACfbrpofJQNLQP86QgM7AVRyXgL
qgIAnimLiZVrAverAnPcJYp1JYOCniLF
=C82S
-----END PGP SIGNATURE-----
Reply to: