Re: [bitfolk] The perils of opening tcp/22 to the Internet

James Gregory wrote: I disagree, make ssh keys mandatory, especially if there is a super user account involved, obviously this can be re-enabled but most people don't mess with default settings. The super user account could be called something other than "root", and "root" username given no access to the system. Doing semi-complete/complete backups via rsync/rsnapshot is difficult using a non-SU account. Or just don't have many/any system accounts, many things like web and ftp have been able to have virtual/non-system accounts for years, and jail processes where possible and drop privileges where possible, there is lots of things that should be done here. I've had no end of trouble with things like this in the past, it ended up more trouble than it was worth. I don't treat this as security by obsecurity, I treat this as limiting dictionary attacks on my servers, it doesn't stop an attacker, it does stop bots. -- Best regards, Duane http://www.freeauth.org - Enterprise Two Factor Authentication http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://e164.org - Global Communication for the 21st Century "In the long run the pessimist may be proved right, but the optimist has a better time on the trip."