Always Learning wrote:
On Thu, 2011-01-27 at 06:40 -0500, Stephen Harris wrote:
*NEVER* use password authentication for root (passwords are easier to brute force 'cos people choose bad passwords). Use ssh public key access for root, with appropriate restrictions (eg "from=").
You haven't seen my long and difficult (for others) password (uppercase, lowercase, and digits). It is unlikely ever to succumb to brute force. :-)
Ah, no. Where can you log in as root from? If it's anywhere outside the intranet, bad, bad, bad. There've been reports that the serious encryption keys can be cracked in a very short time, thanks to an account on Amazon's cloud. Here at work, you can only log in as root *from* *the* *console*; anything else, it's either via ssh keys, or as yourself, then sudo (or sudo -s).
When I have more than one machine at home, I *only* allow ssh from the internal net, and *never* from outside.
mark
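The two practices argued over above (root keys carrying a "from=" restriction, and sshd not taking a root password at all) are easy to audit. The script below is an added example for this thread, not code from any of the posters: it parses a constructed root authorized_keys file and two constructed sshd_config fragments (the key blobs are placeholders, not real keys) and reports every root key that would be accepted from any host, plus any PermitRootLogin / PasswordAuthentication setting that still allows a root password. It only reads the global section of sshd_config; Match blocks are deliberately out of scope.

```python
"""Audit root's authorized_keys and sshd_config for the two rules in the thread.

Added example, not from the list posts.  Sample inputs below are constructed;
the key material is placeholder text, not real keys.
"""
import re

# Constructed authorized_keys for root: one properly restricted key, one with
# no options at all, one whose from= pattern is a bare wildcard.
SAMPLE_AUTHORIZED_KEYS = """\
# admin workstation only, no forwarding
from="10.0.0.0/24,192.168.1.10",no-port-forwarding,no-agent-forwarding ssh-ed25519 AAAAC3PLACEHOLDERKEYDATA admin@ws
ssh-rsa AAAAB3PLACEHOLDERKEYDATA backup@anywhere
from="*" ssh-ed25519 AAAAC3PLACEHOLDERKEYDATA legacy@anywhere
"""

# Constructed sshd_config fragments: the weak setting beside the corrected one.
SAMPLE_SSHD_CONFIG_WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
SAMPLE_SSHD_CONFIG_HARDENED = """\
Port 22
PermitRootLogin without-password   # 'prohibit-password' on OpenSSH 7.0+
PasswordAuthentication no
"""

# Key types that can open an authorized_keys entry when no options precede it.
KEY_TYPE_RE = re.compile(
    r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[\w.@-]+)(\s|$)"
)


def split_options(option_str):
    """Split an option string on commas, but not on commas inside quotes."""
    opts, cur, in_quotes = [], [], False
    for ch in option_str:
        if ch == '"':
            in_quotes = not in_quotes
            cur.append(ch)
        elif ch == "," and not in_quotes:
            opts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    if cur:
        opts.append("".join(cur))
    return opts


def _split_first_unquoted_space(line):
    """Return (option_string, remainder) split at the first space outside quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[:i], line[i:].lstrip()
    return line, ""


def parse_authorized_keys(text):
    """Return a list of (options, key_type, comment) tuples, one per key entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if KEY_TYPE_RE.match(line):
            options, rest = [], line
        else:
            opt_str, rest = _split_first_unquoted_space(line)
            options = split_options(opt_str)
        fields = rest.split(None, 2)
        if len(fields) < 2:
            continue  # malformed entry; sshd would ignore it as well
        comment = fields[2] if len(fields) == 3 else ""
        entries.append((options, fields[0], comment))
    return entries


def from_restriction(options):
    """Return the list of from= patterns, or None if the key has no from= option."""
    for opt in options:
        if opt.lower().startswith("from="):
            return [p.strip() for p in opt[5:].strip('"').split(",")]
    return None


def audit_root_keys(text):
    """List every key that would let root in from any host."""
    findings = []
    for options, key_type, comment in parse_authorized_keys(text):
        label = comment or key_type
        patterns = from_restriction(options)
        if patterns is None:
            findings.append(f"{label}: no from= restriction")
        elif any(p in ("*", "") for p in patterns):
            findings.append(f"{label}: from= pattern allows any host")
    return findings


def audit_sshd_config(text):
    """Flag global-section settings that still allow a root password login."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower().startswith("match "):
            break  # Match blocks are out of scope for this check
        key, value = re.split(r"[\s=]+", line, maxsplit=1)
        settings.setdefault(key.lower(), value.strip())  # first occurrence wins
    findings = []
    # PermitRootLogin defaulted to "yes" before OpenSSH 7.0, so assume the worst.
    prl = settings.get("permitrootlogin", "yes").lower()
    if prl not in ("no", "without-password", "prohibit-password", "forced-commands-only"):
        findings.append(f"PermitRootLogin {prl}: root may log in with a password")
    if settings.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not 'no'")
    return findings


if __name__ == "__main__":
    for f in audit_root_keys(SAMPLE_AUTHORIZED_KEYS) + audit_sshd_config(SAMPLE_SSHD_CONFIG_WEAK):
        print("WARN:", f)
```

Run against the real files (/root/.ssh/authorized_keys and /etc/ssh/sshd_config) by reading them in place of the constructed samples; the two warnings from the weak config disappear once PermitRootLogin is set to without-password (or prohibit-password) and PasswordAuthentication to no, which is the combination the thread is recommending.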