From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-168302-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id E54021384B4
	for <garchives@archives.gentoo.org>; Tue, 10 Nov 2015 21:48:20 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id BC3D121C036;
	Tue, 10 Nov 2015 21:48:14 +0000 (UTC)
Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 72AC5E087E
	for <gentoo-user@lists.gentoo.org>; Tue, 10 Nov 2015 21:48:13 +0000 (UTC)
Received: by obbza9 with SMTP id za9so8325859obb.1
        for <gentoo-user@lists.gentoo.org>; Tue, 10 Nov 2015 13:48:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=subject:to:references:from:message-id:date:user-agent:mime-version
         :in-reply-to:content-type:content-transfer-encoding;
        bh=ib5zIiRoHmqNv4DmV+/5rc9ReZIlpxNQgFL96mbLWwg=;
        b=AsPSrjpHugZYt02zkGtuVKdKi2fl+dtbDmJpdW3bk43FvhbfthbVD/raTE4cYEZx+X
         V9yFyeXH8GOKGjpTlzxMMp0KRte5nDnpXgRd6Kr3TdT6MFFlMjX88v5AlwpvM3vxztVE
         GcizkMZjSqtfbpJAr80E6Oi+Kbm+qlgrDedh+2mjAKM0uvEEabuzoFuV8dNQEJJs6toe
         Xa9P/kuM8e/NSBQfemZw3vPRucTsM/V3ehJKIrx1E2o1qrbHNCG7ao6Xqh/2lo9ikHAl
         F3iPMuTdMwLfk1D+ztRnnlEVCC6lklNkslEgxeCN9vhKq44KDvRalT7fg4b/Fcw+1G1B
         0Afg==
X-Received: by 10.60.233.103 with SMTP id tv7mr2955972oec.69.1447192092837;
        Tue, 10 Nov 2015 13:48:12 -0800 (PST)
Received: from [192.168.2.5] (adsl-65-0-116-226.jan.bellsouth.net. [65.0.116.226])
        by smtp.gmail.com with ESMTPSA id r205sm550180oih.6.2015.11.10.13.48.11
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 10 Nov 2015 13:48:12 -0800 (PST)
Subject: Re: [gentoo-user] OpenSSH upgrade warning
To: gentoo-user@lists.gentoo.org
References: <56414A8C.1080701@gentoo.org> <56420DB1.80302@gmail.com>
 <56421438.4080202@gentoo.org> <1702148.kV3uT6Ls87@andromeda>
 <56421AB8.1080003@gentoo.org> <20151110215257.032cf534@hal9000.localdomain>
 <56425AD5.9040400@gentoo.org> <20151110221149.47a15177@hal9000.localdomain>
 <56426066.6020908@gentoo.org>
From: Dale <rdalek1967@gmail.com>
Message-ID: <5642661A.4030407@gmail.com>
Date: Tue, 10 Nov 2015 15:48:10 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101
 Firefox/41.0 SeaMonkey/2.38
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
In-Reply-To: <56426066.6020908@gentoo.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 17cd1e17-efb3-4e1a-aa0f-0b80944f29c6
X-Archives-Hash: 99e45d9e68205bcb6f175dd56c582a72

Michael Orlitzky wrote:
> On 11/10/2015 04:11 PM, wabenbau@gmail.com wrote:
>> You can disable password login for that user on the server. Then he 
>> can only login via ssh key. Only with the knowledge of the root
>> password it is not possible to gain root access to the server. An
>> attacker also needs the ssh key. And with a camera, keylogger, or
>> measuring radiation he can not fetch that key.
>>
> This is pretty close to what I originally asked for, thank you.
> If you disable all password logins to the server AND disable remote root
> logins altogether, then you can stop someone from gaining root by
> peeking over your shoulder as you type.
>
> Unless they bash you over the head and swipe your laptop. But still,
> I'll take it.
>
>
>

Now I'm curious.  Just how often does all this stuff take place?   I
figure when hackers attack, they go straight for root access anyway.  If
that access is disabled then they will never get in, no matter how long
they try.  From what little I know, even if they have the root password
they still can't get in unless they also have the other user account to
login with first. 

Now when hackers get around to hitting folks over the head with a club,
we got problems.  Given I touched my electric fence by accident a while
back, a stun gun would get me to give up quite a lot.  O_O 

Dale

:-)  :-)