<br><br><div class="gmail_quote">On Jan 12, 2008 9:17 PM, Carl-Daniel Hailfinger <<a href="mailto:c-d.hailfinger.devel.2006@gmx.net">c-d.hailfinger.devel.2006@gmx.net</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On 13.01.2008 01:45, M. Edward (Ed) Borasky wrote:<br>> 1. One *never* allows remote shell login as "root" -- *ever* -- even<br>> behind a firewall. One allows only *one* user in the "wheel" group to
<br>> log in to a shell account, and then *only* via "ssh".<br><br></div>Which is almost as unsafe as using "root" directly.<br><div class="Ih2E3d"></div></blockquote><div><br>Except that massive network scans for
root@any-host-that-respond-to-ssh (a common attack vector) become useless...</div></div><br>-- <br>Michael Burns * Student<br>Open Source {Education} Lab