From: Alex Holst (a area51.dk)
Date: Thu Feb 01 2001 - 14:17:25 CST

Quoting James Ponder (james squish.net):
[..]
> As pointed out to me, there are mechanisms such as s/key that could be used,
> but that is a real effort to most people. Plus, you could have many
> different root passwords, but again, that is a real effort to most people
> too.

Plain passwords are bad for you. They are much too easily stolen, and
management is hell. There are many stronger alternatives available, some
that will even make your life as an admin easier. Some will not. If you
really care about security, you do have to make an effort.

We have banned SSH root logins because we want to see who does what to our
machines. The situation you have described where an attacker does not trojan
your sshd is security through obscurity. Your efforts should concentrate on
building layers you can verify are in place and working correctly.

Anyway, none of this is specific to OpenBSD. This should be moved to a
general list about UNIX administration.

--
I prefer the dark of the night, after midnight and before four-thirty, when it's more bare, more hollow.
http://a.area51.dk/
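
One way to verify that a root-login ban like the one described in the message above is actually in place, as an added example that is not part of the original message. The function names and the sample configurations are constructed for illustration, and the handling of `Match` blocks goes beyond the message to cover current OpenSSH configuration files.

```shell
#!/bin/sh
# Added example, not from the original post. Reports the effective global
# PermitRootLogin value of an sshd_config-style file. sshd uses the FIRST
# value it obtains for a keyword; keywords are case-insensitive.
effective_root_login() {
    awk '
        { sub(/#.*/, "") }                    # drop comments
        NF == 0 { next }                      # skip blank lines
        tolower($1) == "match" { in_match = 1; next }
        tolower($1) == "permitrootlogin" {
            val = tolower($2)
            if (in_match) { if (val != "no") override = 1 }
            else if (global == "") global = val
        }
        END {
            if (global == "") global = "unset"   # daemon default applies
            print global (override ? " match-override" : "")
        }
    ' "$1"
}

# Succeeds only if root login is explicitly "no" and no Match block re-enables it.
root_login_banned() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample configurations (not taken from any real host).
demo_dir=$(mktemp -d)
printf '%s\n' '# hardened' 'PermitRootLogin no' 'PermitRootLogin yes' \
    > "$demo_dir/good"
printf '%s\n' 'permitrootlogin no' 'Match Address 192.0.2.0/24' \
    '    PermitRootLogin yes' > "$demo_dir/override"
printf '%s\n' 'Port 22' '#PermitRootLogin no' > "$demo_dir/unset"

for f in good override unset; do
    if root_login_banned "$demo_dir/$f"; then verdict=banned; else verdict=NOT-banned; fi
    printf '%-9s %-18s %s\n' "$f" "$(effective_root_login "$demo_dir/$f")" "$verdict"
done
```

On a live host, `sshd -T` prints the configuration the daemon actually resolved, which is the authoritative check; the parser above works on a file so it can run in a review or CI job without the daemon.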