A friend told me a few months ago about an audit where he discovered root logins were enabled via SSH. This obviously ended up on the report, but when questioned the admin told him that he had set up SSHD to allow root login attempts, but not actually check them, and just claiming the password is wrong, as a kind of honeypot.
How is this possible? A read of the docs of sshd shows no obvious way to do such a thing.
Aucun commentaire:
Enregistrer un commentaire