Dan Ritter <d...@randomstring.org> wrote:
> Jan Krapivin wrote:
> > I read Debian Administrator's handbook now. And there are such
> > words:
> >
> > The root user's password should be long (12 characters or more) and
> > impossible to guess.
> ...
> >
> > The thing is my password is very easy now, and I haven't thought
> > about *"automated connection attempts"*, that sounds rather... scary?
> > My password is easy because I am not afraid of direct physical
> > access to the computer.
> >
> > But... if there is a serious network danger, then I should change my
> > password of course. But how strong should it be? If we speak about
> > network attacks... it should be like 32 symbols with special
> > symbols? Or this paragraph in a handbook is rather paranoid?
> >
> > I have activated sudo now for my regular user. Can it (password of
> > regular user) be less sophisticated than root password? Because it
> > would be rather difficult to enter 32 symbols every time I wake my
> > PC after suspend.
>
> The threats are different for:
>
> - a laptop that travels and can be stolen
> - a desktop that does not leave your residence
> - a server that accepts connections from the outside world
>
> If you have a laptop, you want to have your filesystem encrypted
> (LUKS or ZFS encryption, most likely) and protected by a 12+
> character password.
>
> If you have a desktop, perhaps you feel it is at low risk.
>
> If you have a machine that runs the ssh daemon, you should not
> use passwords at all for remote logins; you should use ssh keys.
>
> Check whether you are running ssh:
>
> /sbin/service ssh status

It's not called ssh; it is sshd
Also nowadays it's more usual to say

$ systemctl status sshd

> If it is active, use sudo to edit /etc/ssh/sshd_config to lock
> down access. (It may be that you don't want it running at all,
> too.)
>
> -dsr-
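
An added example, not part of the original thread: a small audit of whether an sshd_config still permits password logins, the thing the advice about ssh keys and locking down /etc/ssh/sshd_config is meant to rule out. The function names `sshd_effective` and `audit_sshd` and the sample config are constructed for illustration; the sketch assumes OpenSSH's built-in defaults (PasswordAuthentication yes, PermitRootLogin prohibit-password), does not follow Include files, and ignores Match blocks.

```shell
#!/bin/sh
# Added example: report the effective *global* value of an sshd_config keyword.
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive, so a later "PasswordAuthentication no" does not override
# an earlier "yes".

sshd_effective() {  # usage: sshd_effective <keyword> <default> <config-file>
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)           # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit            # global section ends here
            if (key == want && !found) { val = f[2]; found = 1 }
        }
        END { print (found ? val : def) }       # fall back to the default
    ' "$3"
}

audit_sshd() {  # prints findings; returns 1 if a weak setting is in effect
    cfg=$1; rc=0
    pw=$(sshd_effective PasswordAuthentication yes "$cfg")
    root=$(sshd_effective PermitRootLogin prohibit-password "$cfg")
    [ "$pw" = no ] || { echo "WEAK: PasswordAuthentication=$pw"; rc=1; }
    case $root in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "WEAK: PermitRootLogin=$root"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the second PasswordAuthentication line looks safe,
# but the first one wins, so password logins remain enabled.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'passwordauthentication yes' \
    'PasswordAuthentication no' \
    'PermitRootLogin=no' \
    'Match User backup' \
    '    PasswordAuthentication no' > "$sample"
audit_sshd "$sample" || echo "=> password logins are still possible"
rm -f "$sample"
```

On a real system, `sudo sshd -T` prints the configuration sshd will actually use, including anything pulled in through Include files.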