On 5/8/06, Lars Hansson <[EMAIL PROTECTED]> wrote:
On Sunday 07 May 2006 18:41, Jonathan Glaschke wrote:
> If administrators are so dump to use an emtpy password on internet
> servers, it wouldn't be usefull to force a password.
That's not necessarily dumb. If your location is physically secure and you
dont allow remote root logins there is no problem with having a blank root
password, especially on a router or firewall that only runs a minimal number
of services.
As far as I know: by default only ssh is a possible way in and guess what:
PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings. The
default is ``no''.
So you don't need to disable remote root logins.
Wijnand
