Renaming "root" to "homer"?
Oliver Fromme
olli at lurza.secnetix.de
Fri May 30 17:48:46 UTC 2008
Wojciech Puchar <wojtek at wojtek.tensor.gdynia.pl> wrote:
> > Peope have already pointed out that it is a bad idea to
> > allow remote root logins, so I won't repeat that. :-)
>
> i like bad ideas :) except the worst idea - dumb generalization.
If you disagree, please explain why. Otherwise your
comment is pointless.
> > But to answer your question: Renaming the "root" account
> > will probably break quite a log of things, for example
>
> make 2 roots, root and homer in /etc/master.passwd
Yes, that would work. You just have to make sure to
disable password logins for root (i.e. "*").
Another idea would be to move sshd from the default port
to a non-standard port, e.g. 222 or whatever. Typically
ssh brute force attacks target port 22 only. This will
also clear your logs from useless break-in attempts.
Note that both suggestions (creating a "homer" user and
using a different port) are _not_ security measures per-se,
but rather "security by obscurity". You still have to use
good passwords, or ssh keys.
Another approach is to enable ssh connections only from
certain source addresses or networks, using IPFW or PF.
Of course that's only possible if you know in advance from
which addresses you will need to be able to connect.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
cat man du : where Unix geeks go when they die
More information about the freebsd-questions
mailing list