Comment Re:Should have used vsftpd (Score 1) 152
You're saying it's possible to secure a known username. Who cares? Suppose 90% of attacks are on those known usernames (I don't have actual figures, but that seems plausible, based on my own experience with publicly accessible Linux machines). Just eliminate 90% of the attacks (and the chance of brute force breaking through) by eliminating those known accounts from remote login.
Why wouldn't you do this? You can still secure the rest of your accounts. Hackers, botnets and script kiddies go after the low-hanging fruit. Reduce your attack surface, and you are clearly better off. There's almost no hassle to having to su to root once you log in with a normal user account.
By the way--logging in to a console in public is completely different from remote root access. If someone can see over your shoulder--there are lots of other ways for them to engineer an attack. But we all have to be aware of the greater risk of unknown users on the Internet just scanning IP ranges and trying to login. If you've ever had a public web server, you will see that this happens to every machine. Much more common than someone we know trying to crack into our box.
Why wouldn't you do this? You can still secure the rest of your accounts. Hackers, botnets and script kiddies go after the low-hanging fruit. Reduce your attack surface, and you are clearly better off. There's almost no hassle to having to su to root once you log in with a normal user account.
By the way--logging in to a console in public is completely different from remote root access. If someone can see over your shoulder--there are lots of other ways for them to engineer an attack. But we all have to be aware of the greater risk of unknown users on the Internet just scanning IP ranges and trying to login. If you've ever had a public web server, you will see that this happens to every machine. Much more common than someone we know trying to crack into our box.