Re: Root password strength
Dan Ritter <dsr@randomstring.org> wrote:
> Jan Krapivin wrote:
> > I read Debian Administrator's handbook now. And there are such
> > words:
> >
> > The root user's password should be long (12 characters or more) and
> > impossible to guess.
> ...
>
>
> > The thing is my password is very easy now, and i haven't thought
> > about *"automated
> > connection attempts"*, that sounds rather... scary? My password is
> > easy because i am not afraid of direct physical access to the
> > computer.
> >
> > But... if there is a serious network danger, then i should change my
> > password of course. But how strong it should be? If we speak about
> > network attacks... it should be like 32 symbols with special
> > symbols? Or this paragraph in a handbook is rather paranoid?
> >
> > I have activated sudo now for my regular user. Can it (password of
> > regular user) be less sophisticated than root password? Because it
> > would be rather difficult to enter 32 symbols every time i wake my
> > PC after suspend.
>
> The threats are different for:
>
> - a laptop that travels and can be stolen
> - a desktop that does not leave your residence
> - a server that accepts connections from the outside world
>
> If you have a laptop, you want to have your filesystem encrypted
> (LUKS or ZFS encryption, most likely) and protected by a 12+
> character password.
>
> If you have a desktop, perhaps you feel it is at low risk.
>
> If you have a machine that runs the ssh daemon, you should not
> use passwords at all for remote logins; you should use ssh keys.
>
> Check whether you are running ssh:
>
> /sbin/service ssh status
It's not called ssh; it is sshd
Also nowadays it's more usual to say
$ systemctl status sshd
> If it is active, use sudo to edit /etc/ssh/sshd_config to lock
> down access. (It may be that you don't want it running at all,
> too.)
>
> -dsr-
>
Reply to: