Re: [Full-Disclosure] Re: Re: Any update on SSH brute force attempts?

[Ronny Adsetts <ronny.adsetts@xxxxxxxxxxxxxxxxxxx>]

Barrie Dempster said at 18/10/2004 15:39:
> On Mon, 2004-10-18 at 14:01 +0100, Dave Ewart wrote:
>
> > Well yes, that's fair enough - however, allowing direct root access does
> > make certain things more straightforward, automated use of 'scp' etc.
>
> Yeh, but theres only a select few people crazy enough to scp files into
> places that require root access.
>
> People that fall into the more sane side of security use less error
> prone methods of updating configurations (which is what I'm guessing
> your using scp here for). There are very few valid reasons to have
> direct remote root access (so few I can't currently think of a one)
> remote admin tasks can be carried out by means other than login in
> directly as root.

How about where you have no local users except root - all other users are via 
LDAP or similar - and some catastrophe takes out your user DB? Allowing root 
ssh login will at least get you access to the box.

Allowing root ssh access but setting policy on its use seems a better option 
to me. And running jack the ripper on your password hashes of course.

Ronny
--
Technical Director
Amazing Internet Ltd, London
t: +44 20 8607 9535
f: +44 20 8607 9536
w: www.amazinginternet.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html