Changing SSH and Apache ports
Scot L. Harris
webid at cfl.rr.com
Fri Dec 16 17:06:08 UTC 2005
On Fri, 2005-12-16 at 11:54, Dotan Cohen wrote:
> I just spent a few minutes googling the subject, and it appears that
> apache, mail, etc dont have passwords at all. So why do they bother
> trying to SSH in on those names? Or will the root password let them in
> (I'd try it before I ask, but I'm not home now and the machine is
> behind a new router that I haven't configured for port forwarding
> yet)?
They are looking for any valid user id on the system that MIGHT have had
a password set. Shotgun approach, hit them all and maybe one of them
might work.
>
> If root is disabled from logging in via ssh, and I only have one other
> real user on the system (who I WANT to let in), then is there no real
> reason to use AllowUsers?
>
specifying the specific user by AllowUsers is best practice. If someone
did set a password on one of those other accounts this would prevent it
from being used for ssh access.
> Also, if I post something here that I copied from the command line, like:
> [sharon at localhost] $
>
> is this insecure? Because that is saying "Here! Use user 'sharon' to
> SSH me!". Should I be more careful in the future with that?
Not a bad idea.
More information about the fedora-list
mailing list