From: Gert Cuykens
To: Chris Hodgins
cc: freebsd-questions@freebsd.org
Date: Fri, 4 Feb 2005 00:36:12 +0100
Subject: Re: ssh default security risc
In-Reply-To: <4202B512.9080306@cis.strath.ac.uk>

On Thu, 03 Feb 2005 23:34:42 +0000, Chris Hodgins wrote:
> Gert Cuykens wrote:
> > By default the root ssh is disabled. If a dedicated server x somewhere
> > far far away doesn't have root ssh enabled the admin is pretty much
> > screwed if they hack his user account and change the user password
> > right?
> >
> > So is it not better to enable it by default?
>
> Every unix box has a root account. Not every unix box has a jblogs
> account. Let's take the example of a brute-force attempt. The first
> thing I would do would be to attack root's password. I know the account
> exists. Might as well go for the big prize first.
>
> So having a root account enabled is definitely a bad thing.
>
> Chris

Do you agree a user account is most of the time more vulnerable than the
root account? If they can hack the root they can definitely hack a user
account too. So I don't see any meaning in disabling it.
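
The setting this thread argues about is sshd's `PermitRootLogin`. As an added example (not part of either message), the Python below reads sshd_config text and reports whether root can be reached by password guessing, by key only, or not at all. The function names, the default values and the sample config are assumptions made for the example, and `Include` files are not followed.

```python
# Added example: classify how root may log in, given sshd_config text.
KEY_ONLY = {"prohibit-password", "without-password"}  # older alias included

def effective_global(config_text, keywords, default):
    """First value sshd would read for any of `keywords` in the global section."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        name = parts[0].lower()
        if name == "match":
            break  # lines below apply only conditionally, not globally
        if name in keywords and len(parts) > 1:
            return parts[1].lower()  # first occurrence wins; later ones ignored
    return default

def root_login_exposure(config_text, default_root="no", default_auth="yes"):
    """Defaults are assumptions: root off (as the thread says), passwords on."""
    root = effective_global(config_text, {"permitrootlogin"}, default_root)
    password = effective_global(config_text, {"passwordauthentication"}, default_auth)
    kbd = effective_global(
        config_text,
        {"kbdinteractiveauthentication", "challengeresponseauthentication"},
        default_auth,
    )
    if root == "no":
        return "disabled"
    if root == "forced-commands-only":
        return "key-forced-command"
    if root in KEY_ONLY or (password == "no" and kbd == "no"):
        return "key-only"            # no password is accepted for root
    return "password-guessable"      # the brute-force case raised in the thread

# Constructed sample: the second PermitRootLogin line and the Match block
# do not change the global result.
SAMPLE = """\
Port 22
PermitRootLogin prohibit-password
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

if __name__ == "__main__":
    print(root_login_exposure(SAMPLE))
```

On a live host, `sshd -T` prints the effective values with included files resolved, which is the authoritative check.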