Hacker News

Yes, the reality is that "baseball" is a bad password, and ssh as root is a bad idea, but getting auth.log spammed into oblivion is also a bummer. It feels like a web GUI would help less experienced sysadmins not just apt-get remove fail2ban when they get themselves locked out for the first time.

root is no worse from a security standpoint than any other user. If knowing your username helps somebody guess your password or brute-force your key, the username isn't the problem.

Using multiple users is great from a compartmentalization / user_management standpoint, but it doesn't protect against brute-force.
