On Tuesday 21 Sep 2004 22:32, Wayne Stallwood wrote:
> On Tuesday 21 September 2004 2:32 pm, Richard Kettlewell wrote:
> > If you can use public key authentication instead of a password that'd probably improve matters further.
> 'Tis sound advice indeed, however if you really must have a password-based login then I strongly suggest that you set PermitRootLogin to no.
> I can't think of any good reason why you would need to log in directly as root; by eliminating default usernames like root you suddenly make it a lot more difficult for someone to perform a dictionary attack on your system.
> The best bit about this is that from the client end ssh behaves exactly the same way as if you have mistyped the root password, it doesn't say root login denied. I get a sort of sadistic satisfaction watching failed login attempts to root (yeh, and even if you knew my password you ain't getting in that way pal)
:-) Yep.
Matt
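
An added example, not part of the original messages: a small checker for the two sshd_config settings discussed in this thread. It relies on sshd using the first value it obtains for a keyword, so a later `PermitRootLogin no` does not override an earlier `yes`. The sample config and the function names are constructed for illustration, and `Include` files are not followed.

```python
import re

# Constructed sample config (not taken from the thread).
SAMPLE = """\
# constructed sample
Port 22
permitrootlogin yes
PasswordAuthentication yes
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

def effective_global(text):
    """Return {keyword: value} for global options; the first occurrence wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":
            break                       # the rest applies only conditionally
        if len(parts) == 2:
            value = parts[1].strip().strip('"').lower()
            opts.setdefault(key, value)  # keep the first value, ignore repeats
    return opts

def audit(text):
    """Return findings for the settings recommended in the thread."""
    opts = effective_global(text)
    findings = []
    root = opts.get("permitrootlogin", "unset (compiled-in default applies)")
    if root != "no":
        findings.append(f"PermitRootLogin is {root}; set it to no")
    pw = opts.get("passwordauthentication", "unset (compiled-in default applies)")
    if pw != "no":
        findings.append(f"PasswordAuthentication is {pw}; prefer public keys")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, `sshd -T` prints the effective configuration and can be used to confirm the result.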