Greg Wooledge <g...@wooledge.org> writes:

> On Tue, Mar 19, 2024 at 05:42:55PM +0300, Jan Krapivin wrote:
>> The root user's password should be long (12 characters or more) and
>> impossible to guess. Indeed, any computer (and a fortiori any server)
>> connected to the Internet is regularly targeted by automated connection
>> attempts with the most obvious passwords. [...]
>
> For most people, this really isn't a concern, because they either don't
> run an ssh server at all, or they use the default sshd_config which does
> not allow root logins.
>
> The only time you need to worry about this is if you:
>
>  * Run an ssh server, AND
>  * Accept ssh connections from the public Internet, AND
>  * Have changed the sshd_config file to allow ssh root logins.

The last condition is not needed. Quite often ssh bots test other
accounts (ubuntu, admin, php, www, etc...) and if these accounts allow
su/sudo this also might be a threat.

KJ

-- 
http://wolnelektury.pl/wesprzyj/teraz/
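
An added example, not part of the original messages: a check for the case raised in the reply above, tallying failed sshd password logins per username and listing the targeted accounts that really exist and could reach root. The log lines, the addresses and the `sudoers` set are constructed for illustration; the line format is the one OpenSSH writes to the auth log.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (OpenSSH message format); addresses are
# from the documentation ranges and the account names are illustrative.
SAMPLE_LOG = """\
Mar 19 10:01:02 host sshd[811]: Failed password for root from 203.0.113.5 port 40122 ssh2
Mar 19 10:01:05 host sshd[813]: Failed password for invalid user ubuntu from 203.0.113.5 port 40130 ssh2
Mar 19 10:01:09 host sshd[815]: Failed password for admin from 198.51.100.7 port 51514 ssh2
Mar 19 10:01:11 host sshd[817]: Failed password for admin from 198.51.100.7 port 51520 ssh2
Mar 19 10:01:15 host sshd[819]: Failed password for invalid user php from 203.0.113.5 port 40144 ssh2
Mar 19 10:01:20 host sshd[821]: Failed password for www from 198.51.100.7 port 51533 ssh2
Mar 19 10:02:00 host sshd[830]: Accepted publickey for jan from 192.0.2.10 port 50000 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+")

def tally_failures(log_text):
    """Return {username: (attempt_count, account_exists)} for failed password logins."""
    counts, exists = Counter(), {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user = m.group(2)
            counts[user] += 1
            exists[user] = m.group(1) is None  # sshd says "invalid user" for unknown names
    return {u: (n, exists[u]) for u, n in counts.items()}

def exposed_accounts(log_text, sudo_users, root_login_allowed=False):
    """Targeted accounts where a guessed password would give root, directly or via sudo."""
    risky = []
    for user, (_, real) in sorted(tally_failures(log_text).items()):
        if not real:
            continue  # name does not exist on this host, guesses cannot succeed
        if user == "root":
            if root_login_allowed:
                risky.append(user)
        elif user in sudo_users:
            risky.append(user)
    return risky

if __name__ == "__main__":
    # Assumed (hypothetical) members of the sudo group on this host.
    sudoers = {"admin", "jan"}
    for user, (n, real) in sorted(tally_failures(SAMPLE_LOG).items()):
        print(f"{user:8} attempts={n} exists={real}")
    print("exposed:", exposed_accounts(SAMPLE_LOG, sudoers))
```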
