Originally Posted by stevea
I'm not very impressed with the common "disable root login" advice. In nearly every end-user PC *ALL* the information we want to secure is available to the couple user accounts. If someone cracks the 'stevea' account on my systems then they can do 99.8% of all the damage possible.
Yes, they can damage your personal data, but it's that 0.2% that is the dangerous bit: that 0.2% includes them gaining the control of your whole system
They can install rootkits, modify system files and modify your logs to hide the fact that they are in your system, and that quickly turns 0.2% to 99.8% of the cost
of damage they can cause.
Of course, disabling root login doesn't make it any harder to get into your system through ssh, but what it does is, once in, it makes gaining full control of your system a lot
harder and increases your chances to detect them before
they get that far.
Your files are most probably of no value to anyone, but gaining control of your machine has. It can be used as a part of a botnet, to send spam, store stolen CC details, become child porn server, used as staging platform for DDOS or further intrusion attempts and what not. And that's why pretty much any attack, brute force or any other kind, first targets system accounts, especially root, and not user accounts.
If they crack your user account, they still have to crack your root account. If they crack ssh credentials for root and can login with it, it's game over for you.
That's why you should disable rootlogins.