Date: Sun, 11 May 2008 23:58:30 +0200 (CEST)
From: Wojciech Puchar
To: Jon Radel
Cc: Chad Perrin, freebsd-questions@freebsd.org
Subject: Re: root login stops working
Message-ID: <20080511235653.D72685@wojtek.tensor.gdynia.pl>
In-Reply-To: <48276671.8080806@radel.com>

>>> meant to prevent things like brute-force attacks on root over the
>>> network. It's a bad idea to change that behavior, in general. Back when
>>
>> just another stupid myth.
>
> As is, of course, all security in depth. Hey, if you want everything
> riding on one password, more power to you, but you might want to refrain
> from using phrases like "stupid myth" unless you've got some hard data
> to back them up.

did below.

>
>> simply use good passwords.
>
> Or a nice little key encrypted with a good pass phrase.

I use ssh with id_dsa/authorized keys regularly, and rlogin & .rhosts within
the range of private/vpn/other way secure network

>> having to log through 2 accounts doesn't increase security. actually
>> increases mess.
>
> The only mess I can think of is all that logging that forces a bit of
> accountability onto all the admins who know the root password. Of
> course, if you're the only admin, I suppose it doesn't really matter.

2 admins for one server is never a good idea :)