Petr Klíma wrote:
> John Andersen wrote:
>> I don't think that is a universally accepted setup. The only risk to
>> root ssh logins is based on ancient flaws and timing attacks in
>> long obsolete versions of ssh.
>
> It has another reason - no one can do a successful dictionary attack on the root
> account when it's not allowed to log in as root. You can try to rule out
> this possibility by using a strong password, but it might be wiser to
> restrict root login from trusted IPs or deny it completely (while using
> a strong root password of course).
>
> Tosuja

If for any reason you need to allow plaintext passwords (e.g. the Symbian version of PuTTY only handles plaintext passwords) then this is a very good idea.
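
Added example, not part of the original messages: an OpenSSH `sshd_config` fragment showing the two options discussed in the thread (deny root login completely, or allow it only from trusted IPs) while password logins stay enabled for ordinary users. The network 192.0.2.0/24 is a constructed placeholder for the trusted addresses.

```conf
# sshd_config fragment (added example; addresses are placeholders)

# Weak setup the thread warns about: root reachable by password from
# any address, so the root account can be targeted by dictionary attacks.
#   PermitRootLogin yes
#   PasswordAuthentication yes

# Password logins remain available for clients that can only do
# password authentication, as in the reply above.
PasswordAuthentication yes

# Option 1: deny root login completely. Administrators log in as an
# unprivileged user and then use su or sudo.
PermitRootLogin no

# Option 2: keep the global denial above, but allow root from trusted
# addresses only. Keywords inside a Match block override the global
# section for connections that satisfy the criteria. Match blocks must
# come after all global settings, because they extend to the next Match
# line or the end of the file.
Match Address 192.0.2.0/24
    PermitRootLogin yes
```

Run `sshd -t` to check the file for syntax errors before reloading the daemon, and keep an existing session open until a new login has been confirmed to work.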
