MORE SSH Hacking: heads-up
John Lagrue
admin at moraystudio.com
Thu Aug 12 16:18:54 UTC 2004
jludwig wrote:
>On Tue, 2004-08-10 at 09:12, Scot L. Harris wrote:
>
>
>>On Tue, 2004-08-10 at 08:54, Alexander Dalloz wrote:
>>
>>
>>>Am Di, den 10.08.2004 schrieb Dave Rinker um 6:30:
>>>
>>>
>>>
>>>>I agree with both comments but recommend that you disable the ability of
>>>>root to login at all. Users can always su to root.
>>>>
>>>>
>>>That has the severe downside, that if someone got on the system as an
>>>unprivileged user he could sniff while you are su'ing to root, which is
>>>not successful if you ssh in as root using publick key authentication
>>>rather than password authentication.
>>>
>>>Alexander
>>>
>>>
>>Your saying that if you use ssh2 to connect to a server and the su to
>>root that they can sniff your root password?
>>
>>I don't think that would work.
>>
>>The main reason I always suggest people login with a normal user ID and
>>then su to root if needed is so there is an audit trail on the servers.
>>I can see who actually logged in and jumped to root instead of just
>>seeing that someone that knew root logged in.
>>
>>And true, someone with root privileges could attempt to cover their
>>tracks by mucking with the log files.
>>
>>--
>>Scot L. Harris <webid at cfl.rr.com>
>>
>>
>I believe what he is saying is that if someone is already sniffing, then
>they will get the root password.
>
>
IN that case might I respectfully suggest that he's wrong. If you
connect via ssh then all traffic between the ssh client and the server
is encrypted. So it doesn't matter what is typed in the client -
sniffing will only give gobblegook.
JDL
More information about the fedora-list
mailing list