On Thu, Mar 20, 2014 at 8:43 AM, Timothy Murphy gayleard@eircom.net wrote:
> Johnny Hughes wrote:
>> If you look at page 66 of the PDF, it tells you how to not get infected ... don't allow root logins and don't use passwords.
> Thanks very much for your prompt response.
> I was slightly surprised to see that PermitRootLogin seems to be set to Yes by default on CentOS (and also on Fedora).
I don't look at PermitRootLogin being yes by default as being a bad thing. Securing SSH doesn't stop at just its configuration.
Initially "root" is the only account on a Linux machine. It's up to the sysadmin to create another account [and further secure] the host.
This brings up other aspects of securing user accounts:
1) strong/somewhat random passwords (especially for the root user)
2) firewall rules that only permit select hosts to access SSH (or other services)
And then there's password aging.
> I'm very ignorant of these matters, but what advantage does this give? Can't I get to the same place by ssh-ing into the remote machine, and then su-ing there?
"root" is an easy username to guess ... and will exist on most Linux systems
There will likely not be a "tmurphy" or "gayleard" on most Linux hosts, so that account is less likely to be brute forced.
> -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
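The thread's advice boils down to two sshd_config lines, PermitRootLogin no and PasswordAuthentication no. The following script is an added example, not code from the thread, from CentOS or from OpenSSH; it audits a config file for those two keywords, honouring the sshd_config(5) rule that the first value of a keyword wins and that lines after a Match header are per-block. The two sample configs it writes to temp files are constructed for the example, and the function names effective_value and audit_sshd_config are my own.

```shell
#!/bin/sh
# Added example (not from the CentOS thread or OpenSSH): audit an sshd_config
# for PermitRootLogin and PasswordAuthentication.
#
# Two details a plain grep gets wrong:
#  * sshd_config(5): for each keyword the FIRST value found is used, so a
#    hardened line appended at the end of the file is dead if an earlier
#    line already set the keyword.
#  * Lines after a "Match" header apply only to that block; they are skipped
#    here so that the global value is reported.
# Caveat: "Include" directives (OpenSSH 8.2+) are not followed.

# effective_value FILE KEYWORD
# Prints the effective global value of KEYWORD, or nothing if it is unset
# (sshd then falls back to its compiled-in default).
effective_value() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*(#|$)/   { next }               # comment or blank line
    tolower($1) == "match" { exit }               # global section ends here
    tolower($1) == key     { print $2; exit }     # first occurrence wins
  ' "$1"
}

# audit_sshd_config FILE
# Prints one finding per keyword; returns 0 only when both are explicitly "no".
audit_sshd_config() {
  f=$1; rc=0
  for key in PermitRootLogin PasswordAuthentication; do
    val=$(effective_value "$f" "$key")
    case $val in
      no) printf 'OK   %s %s\n' "$key" "$val" ;;
      "") printf 'WARN %s unset (compiled-in default applies)\n' "$key"; rc=1 ;;
      *)  printf 'FAIL %s %s\n' "$key" "$val"; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample configs so the script runs stand-alone.
WEAK=$(mktemp); HARD=$(mktemp)
trap 'rm -f "$WEAK" "$HARD"' EXIT
cat >"$WEAK" <<'EOF'
# root login and passwords allowed; the "hardening" lines at the bottom
# are ignored because the first value of each keyword wins
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
cat >"$HARD" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# per-block override: does not change the global value reported above
Match Address 10.0.0.0/8
    PasswordAuthentication yes
EOF

audit_sshd_config "$WEAK" || echo "weak config: not hardened"
audit_sshd_config "$HARD" && echo "hardened config: ok"
```

On a live host, `sshd -T` prints the configuration as sshd itself resolves it, defaults included, so `sshd -T | grep -iE 'permitrootlogin|passwordauthentication'` is the authoritative check; the script above is for reviewing a config file offline, for example one pulled from a backup or a configuration-management repository.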