Posted Feb 15, 2007 9:34 UTC (Thu) by dd9jn
In reply to: Linux botnets
Parent article: Linux botnets
Don't even use a password at all to login in to a server. sshd_config should have an entry "PermitRootLogin without-password" and user accounts should all have a disabled password. Use ~/.ssh/authorized_keys. If you have a need to login from more than one client machine, use a smart card to access the server. I know that this is a trivial suggestion but when I occasionally see people login to their servers, most are entering a password.
to post comments)