possible hacking?

Matthew Gillen me at mattgillen.net
Wed Jan 25 11:06:20 EST 2006


Ward Vandewege wrote:
> Better yet; disallow direct (root) logins with passwords. Only allow them with
> keys.

This is excellent advice.  In fact, if this is a home system,
you're probably better off to set the defaults such that no one can log
in via sshd, then specifically allow certain (real) users.  You should
*never* need root to log in directly.  This forces them to guess *both*
a username and a password, and with no indication as to whether a
username is valid or not, it becomes *very* difficult to brute force.

Note that the script kiddies will try not only the username 'root', but
also 'apache', 'httpd', 'ftp', etc.

--Matt
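A small audit script for the three sshd settings discussed in this post (no direct root login, keys instead of passwords, an explicit user allow-list). It is an added example, not part of the list post; the two sshd_config files are constructed inline, and the lookup ignores Match blocks.

```sh
#!/bin/sh
# Audit an sshd_config for: no direct root login, no password
# authentication (keys only), and an explicit AllowUsers list.
# sshd honours the FIRST occurrence of a keyword, so the lookup
# below stops at the first match, as sshd does. Match blocks are ignored.

# Constructed sample configs (assumed content, not from the list post).
HARDENED_CFG=$(mktemp) ; WEAK_CFG=$(mktemp)
trap 'rm -f "$HARDENED_CFG" "$WEAK_CFG"' EXIT
cat > "$HARDENED_CFG" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers matt alice
# a later duplicate never wins in sshd; the audit must ignore it too
PermitRootLogin yes
EOF
cat > "$WEAK_CFG" <<'EOF'
Port 22
PermitRootLogin yes
# PasswordAuthentication left unset, so sshd's default (yes) applies
EOF

# sshd_value FILE KEYWORD: print the effective (first) value, lowercased;
# prints nothing when the keyword is absent (sshd default applies).
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# audit_sshd FILE: one line per check; return value is the number of failures.
audit_sshd() {
    cfg=$1 ; fails=0
    root=$(sshd_value "$cfg" PermitRootLogin)
    case "$root" in
        no|without-password|prohibit-password) echo "ok:   PermitRootLogin $root" ;;
        *) echo "FAIL: PermitRootLogin is '${root:-unset}' (root can log in directly)"
           fails=$((fails + 1)) ;;
    esac
    pw=$(sshd_value "$cfg" PasswordAuthentication)
    if [ "$pw" = "no" ]; then echo "ok:   PasswordAuthentication no"
    else echo "FAIL: PasswordAuthentication is '${pw:-unset}' (default is yes)"; fails=$((fails + 1)); fi
    if [ -n "$(sshd_value "$cfg" AllowUsers)" ]; then echo "ok:   AllowUsers present"
    else echo "FAIL: no AllowUsers line, every account can reach sshd"; fails=$((fails + 1)); fi
    return $fails
}

audit_sshd "$HARDENED_CFG"
audit_sshd "$WEAK_CFG" || echo "weak config: $? problem(s)"
```

Point it at /etc/ssh/sshd_config to check a live host; a non-zero exit status means at least one of the three settings is not in place.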


