|
|
|
|
|
|
by Scramblejams
731 days ago
|
|
|
Yes, it's risky to accept password auth if someone sharing the box with you has a poor password. They could do things like: . Install a spam or brute force password bot, which could get the machine kicked off its internet connection (in addition to whatever havoc it causes first) . DoS the server by filling up the disk or using too much RAM (are quotas enforced?) . Exploit a local vuln to get root, if such exists on that box. (Is the kernel promptly patched and the box rebooted?) . Explore other users' directories (are permissions locked down correctly across users?) …and more thrilling possibilities! Embrace key auth. Future you will thank you. |
|
|