MORE SSH Hacking: heads-up

Scot L. Harris webid at cfl.rr.com
Tue Aug 10 13:12:00 UTC 2004


On Tue, 2004-08-10 at 08:54, Alexander Dalloz wrote:
> On Tue, 10.08.2004 at 6:30, Dave Rinker wrote:
> 
> > I agree with both comments but recommend that you disable the ability of
> > root to login at all. Users can always su to root.
> 
> That has the severe downside, that if someone got on the system as an
> unprivileged user he could sniff while you are su'ing to root, which is
> not successful if you ssh in as root using public key authentication
> rather than password authentication.
> 
> Alexander

You're saying that if you use ssh2 to connect to a server and then su to
root that they can sniff your root password?

I don't think that would work.

The main reason I always suggest people login with a normal user ID and
then su to root if needed is so there is an audit trail on the servers. 
I can see who actually logged in and jumped to root instead of just
seeing that someone that knew root logged in.

And true, someone with root privileges could attempt to cover their
tracks by mucking with the log files.  
 
-- 
Scot L. Harris <webid at cfl.rr.com>
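
The audit-trail argument above, as an added example that is not part of the original message: a small parser that lists every way root was obtained and shows that `su` entries name a user while a direct root SSH login does not. The log lines are constructed samples in the style of `/var/log/secure`, and the function name `root_access_events` is hypothetical.

```python
import re

# Constructed sample lines (assumed syslog/PAM format, not taken from the thread).
SAMPLE_LOG = """\
Aug 10 08:12:01 srv1 sshd[2101]: Accepted password for alice from 192.0.2.10 port 40112 ssh2
Aug 10 08:13:47 srv1 su(pam_unix)[2130]: session opened for user root by alice(uid=500)
Aug 10 08:40:02 srv1 sshd[2188]: Accepted publickey for root from 192.0.2.77 port 40990 ssh2
Aug 10 09:02:15 srv1 sshd[2240]: Accepted password for bob from 192.0.2.23 port 41200 ssh2
Aug 10 09:30:00 srv1 su(pam_unix)[2302]: session opened for user root by carol(uid=502)
"""

TS = r"^(\w{3}\s+\d+ [\d:]{8}) \S+ "
SSH_RE = re.compile(TS + r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")
# Matches both "su(pam_unix)[pid]:" and "su[pid]: pam_unix(su:session):" styles,
# but not sudo, which logs under its own program name.
SU_RE = re.compile(TS + r"su(?:\(pam_unix\))?(?:\[\d+\])?: "
                        r".*session opened for user root\S* by ([^\s(]+)\(uid=\d+\)")


def root_access_events(log_text):
    """Return (timestamp, kind, who, source) for each time root was obtained."""
    last_login = {}  # user -> source address of that user's latest SSH login
    events = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts, method, user, src = m.groups()
            if user == "root":
                # The log only says "root": the person behind it is not recorded.
                events.append((ts, "direct-root-ssh/" + method, "unknown", src))
            else:
                last_login[user] = src
            continue
        m = SU_RE.match(line)
        if m:
            ts, user = m.groups()
            # su names the invoking account; tie it back to its SSH origin.
            src = last_login.get(user, "no ssh login seen")
            events.append((ts, "su", user, src))
    return events


if __name__ == "__main__":
    for event in root_access_events(SAMPLE_LOG):
        print("%-16s %-26s %-8s %s" % event)
```

As the message notes, these records can be altered by anyone who already holds root on the host, so the attribution is only as trustworthy as the log files themselves.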




