Date: Fri, 30 May 2008 19:48:38 +0200 (CEST)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-questions@FreeBSD.ORG, gilles.ganault@free.fr, wojtek@wojtek.tensor.gdynia.pl
Subject: Re: Renaming "root" to "homer"?
Message-ID: <200805301748.m4UHmc6Q020790@lurza.secnetix.de>
In-Reply-To: <20080530170151.D2560@wojtek.tensor.gdynia.pl>

Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> wrote:
 > > People have already pointed out that it is a bad idea to
 > > allow remote root logins, so I won't repeat that. :-)
 >
 > I like bad ideas :) except the worst idea - dumb generalization.

If you disagree, please explain why. Otherwise your comment
is pointless.

 > > But to answer your question: Renaming the "root" account
 > > will probably break quite a lot of things, for example
 >
 > make 2 roots, root and homer in /etc/master.passwd

Yes, that would work. You just have to make sure to disable
password logins for root (i.e. "*").

Another idea would be to move sshd from the default port to
a non-standard port, e.g. 222 or whatever. Typically ssh
brute force attacks target port 22 only. This will also
clear your logs from useless break-in attempts.

Note that both suggestions (creating a "homer" user and using
a different port) are _not_ security measures per se, but
rather "security by obscurity". You still have to use good
passwords, or ssh keys.

Another approach is to enable ssh connections only from
certain source addresses or networks, using IPFW or PF.
Of course that's only possible if you know in advance from
which addresses you will need to be able to connect.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

cat man du : where Unix geeks go when they die

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805301748.m4UHmc6Q020790>
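
Added example, not part of the original message: a small sh/awk audit for the "two roots" setup discussed above. It lists every UID-0 account in a master.passwd(5)-format file and says whether password login is disabled ("*"), enabled, or needs no password at all. The function names and the sample accounts and hashes are constructed for illustration.

```shell
#!/bin/sh
# Audit UID-0 accounts in a master.passwd(5)-format file.
# Field layout: name:password:uid:gid:class:change:expire:gecos:home:shell

audit_uid0() {
    # $1 = path to a master.passwd-format file
    # Prints "<name> <state>" for every account whose UID is 0.
    awk -F: '
        /^#/ || NF < 10 { next }      # skip comments and malformed lines
        $3 == 0 {
            if ($2 == "")         state = "EMPTY-PASSWORD"      # no password needed
            else if ($2 ~ /^\*/)  state = "password-disabled"   # "*" or "*LOCKED*..."
            else                  state = "password-enabled"    # usable hash present
            print $1, state
        }
    ' "$1"
}

# Constructed sample data (placeholder hashes, not from a real system):
# root and toor are locked with "*", homer is the second UID-0 account.
sample_master_passwd() {
    cat <<'EOF'
# constructed sample
root:*:0:0::0:0:Superuser:/root:/bin/csh
toor:*:0:0::0:0:Alternate superuser:/root:
homer:$1$CONSTRUCTED$placeholderhash0000000:0:0::0:0:Second root:/root:/bin/sh
daemon:*:1:1::0:0:System daemon:/root:/usr/sbin/nologin
alice:$1$CONSTRUCTED$placeholderhash1111111:1001:1001::0:0:User:/home/alice:/bin/sh
EOF
}

# When given a file argument, audit that file (reading the real
# /etc/master.passwd requires root).
if [ "$#" -gt 0 ]; then
    audit_uid0 "$1"
fi
```

Any UID-0 line reported as "password-enabled" is an account that password guessing over ssh can reach, whatever it is named.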