Andrei Popescu wrote:
> BTW, IM*VERY*HO I'm not entirely convinced the maintainer is right, but
> who asks me? :)

I agree with you. His main argument seems to be that an ordinary user has access to root anyway, so why prevent direct access to root?

Well, for one thing, setting PermitRootLogin to 'no' means the attacker will have to break two passwords, not one. Passwords are like locks: you can never keep a determined attacker out, all you can hope to do is slow them down until you can get the authorities to the scene. Mind you, I have no idea how long it takes these days to break a password through brute force or a dictionary attack; if it's measured in seconds, then I guess the extra layer is a moot point.

He did say there was a lot more discussion around the issue. It may be worth asking him if the discussion has been archived somewhere.

-- 
Jim Hyslop
Dreampossible: Better software. Simply. http://www.dreampossible.ca
Consulting * Mentoring * Training in C/C++ * OOD * SW Development & Practices * Version Management