Emptying passwords from master.passwords would mean that noone could log in to your box from the console, and would disable use of sudo too. I guess if it is a colo'd box, that wouldn't matter much, but I prefer being able to log in at the console.
A simpler way would be to disable password and keyboard-interactive logins in sshd.conf
It also wouldn't affect the main problem with brute-force login attempts: log file pollution. I've yet to have a brute-forceeteer target a valid login on my boxes!
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.
|