Quote:
|
Originally Posted by hotstuff
with all due respect, disabling root login is just a hassle and makes no sense whatsoever. if you have a strong password, which you always should, any compromise which will result in that password being divulged will also give the attacker the username and vice versa.
restrict access to ssh to a well known, fully secured (no extra applications running, no remote access) box. run ssh on a non-standard port. run a non-standard sshd. disable the banner. these are all things which are relatively easy to do. for those of us with more skills and more advanced needs, custom kernel modules, custom ssh/sshd and otp.
disabling root login doesnt even figure on the radar.
|
I dont agree at all, almost all documents or papers written on hardening a linux/unix box say to disable root remote login. I worked for ibm for 8 years in hosting and the first thing we did on all boxes was disable root remote login. A good password is always the key, but you should always login as a user and then SU to root if needed. Everyone has their way of hardening a box and this is the way i personally (and alot of security people) think is a step that needs to be done to a linux box to harden it. It doesnt take the place of proper password usage, but its a step that should be done.
Thats my
and im sticking to it.