* Krzysztof Pawlik <nelch...@gentoo.org> schrieb: > Interesting... to me that's not only stupid but also kinda useless - there's > no > difference between brute-forcing a password for user named 'foo' or 'root' - > user name doesn't matter much. Actually according to my ssh logs attackers > usually don't even try root, they try other user account names way more often.
ACK. And if you're really frightened of someone cracking the user "root"'s password/key, you simply could lock that account and add another superuser. Keep in mind, these BSI guys are beaurocrats, not hackers. If they were hackers, they'd prefer source distros over binary ones to add more randomness to the overall installed machine code ... cu -- --------------------------------------------------------------------- Enrico Weigelt == metux IT service - http://www.metux.de/ --------------------------------------------------------------------- Please visit the OpenSource QM Taskforce: http://wiki.metux.de/public/OpenSource_QM_Taskforce Patches / Fixes for a lot dozens of packages in dozens of versions: http://patches.metux.de/ ---------------------------------------------------------------------
