PHWinfo - Afficher un message - A great answer to dictionary attacks on root

13/09/2006, 20h56

Ignoramus7715 wrote:

> I need to copy some things to that machine that need to be owned by
> root, from cron jobs. I need that root logon.

You've got the point.

> I do not see how it would be more risky to permit keyed root logons,
> as ssh keys cannot be guessed like passwords.

Cause I can imagine that some time someone will find a way to compromise the
key mechanism and brake into the system, especially when you're using
passwordless keys for cron. So, for me, disallowing remote logons to the
root account always seems to be a bit more secure.

--
---
Cezary Morga

13/09/2006, 20h56	#6
Cezary Morga Messages: n/a Hébergeur:	Re: A great answer to dictionary attacks on root Ignoramus7715 wrote: > I need to copy some things to that machine that need to be owned by > root, from cron jobs. I need that root logon. You've got the point. > I do not see how it would be more risky to permit keyed root logons, > as ssh keys cannot be guessed like passwords. Cause I can imagine that some time someone will find a way to compromise the key mechanism and brake into the system, especially when you're using passwordless keys for cron. So, for me, disallowing remote logons to the root account always seems to be a bit more secure. -- --- Cezary Morga