Changing SSH and Apache ports

Scot L. Harris webid at
Fri Dec 16 17:06:08 UTC 2005

On Fri, 2005-12-16 at 11:54, Dotan Cohen wrote:

> I just spent a few minutes googling the subject, and it appears that
> apache, mail, etc dont have passwords at all. So why do they bother
> trying to SSH in on those names? Or will the root password let them in
> (I'd try it before I ask, but I'm not home now and the machine is
> behind a new router that I haven't configured for port forwarding
> yet)?

They are looking for any valid user id on the system that MIGHT have had
a password set.  Shotgun approach, hit them all and maybe one of them
might work.

> If root is disabled from logging in via ssh, and I only have one other
> real user on the system (who I WANT to let in), then is there no real
> reason to use AllowUsers?

specifying the specific user by AllowUsers is best practice.  If someone
did set a password on one of those other accounts this would prevent it
from being used for ssh access.

> Also, if I post something here that I copied from the command line, like:
> [sharon at localhost] $

> is this insecure? Because that is saying "Here! Use user 'sharon' to
> SSH me!". Should I be more careful in the future with that?

Not a bad idea.

More information about the fedora-list mailing list