Re: Root password strength

To: debian-user@lists.debian.org
Subject: Re: Root password strength
From: Greg Wooledge <greg@wooledge.org>
Date: Tue, 19 Mar 2024 11:02:11 -0400
Message-id: <[🔎] Zfmo86rF1RuLF-U_@wooledge.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] CAJt2aJW8na7_gkqGi8vpjiMub4TT+Mu__PfbnPYXfGwbn9+wnQ@mail.gmail.com>
References: <[🔎] CAJt2aJW8na7_gkqGi8vpjiMub4TT+Mu__PfbnPYXfGwbn9+wnQ@mail.gmail.com>

On Tue, Mar 19, 2024 at 05:42:55PM +0300, Jan Krapivin wrote:
> The root user's password should be long (12 characters or more) and
> impossible to guess. Indeed, any computer (and a fortiori any server)
> connected to the Internet is regularly targeted by automated connection
> attempts with the most obvious passwords. [...]

For most people, this really isn't a concern, because they either don't
run an ssh server at all, or they use the default sshd_config which does
not allow root logins.

The only time you need to worry about this is if you:

 * Run an ssh server, AND
 * Accept ssh connections from the public Internet, AND
 * Have changed the sshd_config file to allow ssh root logins.

Reply to:

Follow-Ups:
- Re: Root password strength
  - From: jeremy ardley <jeremy.ardley@gmail.com>

References:
- Root password strength
  - From: Jan Krapivin <daydreamer199005@gmail.com>

Prev by Date: Re: Root password strength
Next by Date: Re: Root password strength
Previous by thread: Re: Root password strength
Next by thread: Re: Root password strength
Index(es):
- Date
- Thread