Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 30 May 2008 19:48:38 +0200 (CEST)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-questions@FreeBSD.ORG, gilles.ganault@free.fr, wojtek@wojtek.tensor.gdynia.pl
Subject:   Re: Renaming "root" to "homer"?
Message-ID:  <200805301748.m4UHmc6Q020790@lurza.secnetix.de>
In-Reply-To: <20080530170151.D2560@wojtek.tensor.gdynia.pl>

next in thread | previous in thread | raw e-mail | index | archive | help
Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> wrote:
 > > Peope have already pointed out that it is a bad idea to
 > > allow remote root logins, so I won't repeat that.  :-)
 > 
 > i like bad ideas :) except the worst idea - dumb generalization.

If you disagree, please explain why.  Otherwise your
comment is pointless.

 > > But to answer your question:  Renaming the "root" account
 > > will probably break quite a log of things, for example
 > 
 > make 2 roots, root and homer in /etc/master.passwd

Yes, that would work.  You just have to make sure to
disable password logins for root (i.e. "*").

Another idea would be to move sshd from the default port
to a non-standard port, e.g. 222 or whatever.  Typically
ssh brute force attacks target port 22 only.  This will
also clear your logs from useless break-in attempts.

Note that both suggestions (creating a "homer" user and
using a different port) are _not_ security measures per-se,
but rather "security by obscurity".  You still have to use
good passwords, or ssh keys.

Another approach is to enable ssh connections only from
certain source addresses or networks, using IPFW or PF.
Of course that's only possible if you know in advance from
which addresses you will need to be able to connect.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

cat man du : where Unix geeks go when they die



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805301748.m4UHmc6Q020790>