On Sat, Mar 23, 2002 at 06:37:50AM -0600, Matthew S. Hallacy wrote:
> On Fri, Mar 22, 2002 at 11:52:58AM -0600, Bob Tanner wrote:
> > Install sshd, disable root logins, enable X forwarding.
> 
> How is disabling root logins going to change anything? You picked a secure 
> password didn't you? You used a *unique* password, didn't you? If you feel
> insecure about your passwords then restrict remote logins to people
> with public/private key pairs. (disable password authentication)

Disabling root login via ssh means that an attacker needs to obtain
_two_ things (either your password/root password or your key/root
password) to gain root access rather than just one.  There is also
the possibility that an ssh exploit may exist which allows a cracker
to bypass ssh's authentication entirely - but if ssh has root logins
disabled, that still only gets them access to arbitrary user
accounts, not root.  (Yes, I know that local root exploits exist.
No, that's not an excuse for letting an attacker go directly to root
without using one.)

-- 
When we reduce our own liberties to stop terrorism, the terrorists
have already won. - reverius

Innocence is no protection when governments go bad. - Tom Swiss
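
Added example, not part of the original message: a small Python check of an sshd_config for the two settings discussed in this thread (PermitRootLogin and PasswordAuthentication). It assumes sshd keeps the first value it reads for a keyword and reads only the global section; the function names and the sample config are constructed for illustration.

```python
import re

# Settings recommended in the thread: no direct root login, keys only.
WANTED = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
}

def effective_global(text):
    """Return {keyword: value} for the global section of an sshd_config.

    Keywords are case-insensitive and the first value read for a keyword
    is the one kept. Parsing stops at the first Match block, whose
    settings apply only to matching connections.
    """
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        seen.setdefault(key, value)  # later duplicates are ignored
    return seen

def audit(text):
    """Return [(keyword, found_value, verdict)] for the WANTED settings."""
    cfg = effective_global(text)
    report = []
    for key, ok_values in WANTED.items():
        found = cfg.get(key)
        if found is None:
            verdict = "unset: build default applies, set it explicitly"
        else:
            verdict = "ok" if found in ok_values else "weak"
        report.append((key, found, verdict))
    return report

# Constructed sample: the second PermitRootLogin line has no effect.
SAMPLE = """\
PermitRootLogin yes
X11Forwarding yes
PermitRootLogin no
PasswordAuthentication no
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the script above is for reviewing a config file offline.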