[Uaflug] Apology
Joshua J. Kugler
joshua at eeinternet.com
Thu Apr 26 11:22:58 AKDT 2007
On Thursday 26 April 2007 11:15, Paul Swanson wrote:
> A question of security; is a guest account with no password (or an
> essentially worthless password like 'guest') a risk? If it doesn't
> have root access, what could be exploited?
Not a totally bad thing to have, but make sure to add the guest account to the
DenyUsers directive in your sshd_config so you don't get remote logins on
that account. Got a laptop of mine "compromised" that way once. Not a root
compromise, but it was used for port scanning the network.
j
--
Joshua Kugler
Lead System Admin -- Senior Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/ ID 0xDB26D7CE
PO Box 80086 -- Fairbanks, AK 99708 -- Ph: 907-456-5581 Fax: 907-456-3111
More information about the uaflug
mailing list