Jan Krapivin wrote:

> I read Debian Administrator's handbook now. And there are such words:
>
> > The root user's password should be long (12 characters or more) and
> > impossible to guess. ...
>
> The thing is my password is very easy now, and I haven't thought about
> *"automated connection attempts"*, that sounds rather... scary? My password
> is easy because I am not afraid of direct physical access to the computer.
>
> But... if there is a serious network danger, then I should change my
> password of course. But how strong should it be? If we speak about network
> attacks... it should be like 32 symbols with special symbols? Or is this
> paragraph in the handbook rather paranoid?
>
> I have activated sudo now for my regular user. Can it (password of regular
> user) be less sophisticated than root password? Because it would be rather
> difficult to enter 32 symbols every time I wake my PC after suspend.

The threats are different for:

- a laptop that travels and can be stolen
- a desktop that does not leave your residence
- a server that accepts connections from the outside world

If you have a laptop, you want to have your filesystem encrypted (LUKS or ZFS
encryption, most likely) and protected by a 12+ character password.

If you have a desktop, perhaps you feel it is at low risk.

If you have a machine that runs the ssh daemon, you should not use passwords
at all for remote logins; you should use ssh keys.

Check whether you are running ssh:

    /sbin/service ssh status

If it is active, use sudo to edit /etc/ssh/sshd_config to lock down access.
(It may be that you don't want it running at all, too.)

-dsr-
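An added example (not from dsr's reply) of the check behind "lock down access": a small POSIX shell script that reads an sshd_config file and reports whether remote password logins are still possible. It assumes OpenSSH semantics (the first uncommented occurrence of a keyword wins, and an absent keyword takes the compiled-in default) and does not handle Match blocks or Include directives; both sample configs are constructed.

```shell
#!/bin/sh
# Added example: report whether an sshd_config still allows password logins.
# Assumption: OpenSSH semantics, where the FIRST uncommented occurrence of a
# keyword is used and a missing keyword takes the compiled-in default.
# Match blocks and Include directives are deliberately not handled.

# effective_value KEYWORD DEFAULT FILE -> prints the value sshd would use
effective_value() {
    found=$(awk -v k="$1" '
        $1 !~ /^#/ && tolower($1) == tolower(k) { print $2; exit }' "$3")
    printf '%s\n' "${found:-$2}"
}

# Succeeds (exit 0) only when password logins are off, public-key logins are
# on, and root cannot log in with a password.
is_locked_down() {
    pa=$(effective_value PasswordAuthentication yes "$1")
    pk=$(effective_value PubkeyAuthentication yes "$1")
    prl=$(effective_value PermitRootLogin prohibit-password "$1")
    [ "$pa" = no ] && [ "$pk" = yes ] &&
        { [ "$prl" = no ] || [ "$prl" = prohibit-password ]; }
}

# Writes two constructed sample configs into a temp dir and prints its path:
# "default" mirrors a stock file where everything is commented out (so
# PasswordAuthentication is effectively "yes"); "hardened" turns it off.
write_samples() {
    dir=$(mktemp -d)
    cat > "$dir/default" <<'EOF'
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
UsePAM yes
EOF
    cat > "$dir/hardened" <<'EOF'
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
    printf '%s\n' "$dir"
}

# report FILE -> one human-readable line per config
report() {
    if is_locked_down "$1"; then
        echo "$1: key-only logins, OK"
    else
        echo "$1: remote password logins still allowed"
    fi
}
```

On a live host, `sudo sshd -T` prints the configuration sshd actually uses, including the result of any Match blocks, and is the better input for this kind of check than the raw file.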