ssh: Permission denied
Dylan Semler
dylan.semler at gmail.com
Fri Dec 22 19:34:06 UTC 2006
On 12/22/06, Manuel Arostegui Ramirez <manuel at todo-linux.com> wrote:
>
> El Viernes, 22 de Diciembre de 2006 19:22, Tim escribió:
> > Tim:
> > >> What happens if you try to log in as a non-root user?
> >
> > Simon Wu:
> > > Not root works fine.
> >
> > You've got two choices:
> >
> > 1. Change the configuration to allow remote root login. You can do this
> > by editing "/etc/ssh/sshd_config" (it's quite easy to spot what needs
> > changing).
>
> Definetly, that's not a good idea at all.
Here's something that I've always been curious about. I assume that the
dangers of allowing root log-in are:
1. It's a user name that every linux system (except ubuntu) has, so all a
hacker needs is the correct password in order to gain access, rather than
the correct user name and password.
2. Once access is gained, there are no restrictions on what the user can
do, as they are root.
However, if you use an 8-digit password with capital and lowercase letters,
numbers, and symbols, there are 8^( 26*2 + 10*2 + 20 ) = 8^92 =
1.21e83possible passwords. Since ssh waits about a second after each
incorrect
password and there have been only 3.32e17 seconds in the history of the
universe, it seems scritcly /impossible/ for a password to be guessed. So
the risk must not be from password-bots. What is the risk then?
Also, right now I set up sudo so it doesn't prompt for passwords, so in
effect, any user that logs in can become root. Is this very very bad as
well?
--
Dylan
Type faster. Use Dvorak:
http://dvzine.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20061222/33a933db/attachment-0001.htm>
More information about the fedora-list
mailing list