[Wylug-help] Guest account for Linux??
Roger Leigh
rleigh at whinlatter.ukfsn.org
Mon Mar 20 21:12:23 GMT 2006
John Hodrien <johnh at comp.leeds.ac.uk> writes:
> On Tue, 21 Mar 2006, Emon wrote:
>> Do I have to create a new account with the login name 'guest' & no
>> password??
>
> Yes, although that'd cause you issues with security, since it'd be
> allowed to ssh in among other things. If you did that you'd really
> want to make sure you weren't opening yourself up to abuse.
If you do go this route, you can put
PermitEmptyPasswords no
in sshd_config, but also putting
hostsRSAAuthentication no
HostbasedAuthentication no
PasswordAuthentication no
is a good idea. This means you can't log in unless you have a valid
SSH private RSA or DSA key.
There are also PAM options that can further restrict things.
Of course, a passwordless account is a huge gaping hole in system
security. My syslog shows that SSH break in attempts do try "test",
"guest" and related usernames. If you do this, you are *guaranteed*
to be rooted within a few hours, so please don't do it. This is one
reason why you shouldn't use such common usernames: they are ripe for
abuse, and the bad guys are well aware of it.
Regards,
Roger
--
Roger Leigh
Printing on GNU/Linux? http://gutenprint.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
Url : http://list.wylug.org.uk/pipermail/wylug-help/attachments/20060320/974f9891/attachment.bin
More information about the Wylug-help
mailing list