My man @damienmiller's open comments on the OpenSSH "user enumeration" CVE, of which, I don't believe any serious security analyst should care or worry about. Remember, everyone already knows you have a root account.
http://www.openwall.com/lists/oss-security/2018/08/24/1 …
-
-
SSH login with root is disabled, more often than not.
-
I would argue that an un-privileged account whose sole purpose is to `sudo su - root` is equivalent to `ssh root@host`.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.