Re: root via ssh / why su - ?
On Sun, May 27, 2001 at 12:41:33PM +0200, Timo Blazko Boewing wrote:
> Hello!
>
> A silly theoretical question: in a ssh thread above, one got the answer *not*
> to enable root user access to a station, it would be better to use a limited
> user account and then gain access via su or that.
> What is the difference between that. Don't I have full admin rights with su?
> Or if I have, what is the difference? Is it cos a direct root login allows to
> exploit the sys due to some scripts that get autom. exec'd?
> I just want to know....cos thus I know why I do things that way :-)
if someone steals your root password, they have full control over your
box. with having remote root logins disabled they have to break in a
user account _and_ in the root account.
if you're really security minded you should use ssh keys instead of
passwords, since passwords can be easier stolen.
the advantage of ssh keys is that you need a key _and_ a passphrase to
break in....
for more info, look at the freebsd security manpage (applies to linux
too):
http://www.freebsd.org/cgi/man.cgi?query=security&apropos=0&sektion=0&manpath=FreeBSD+5.0-current&format=html
for simple, local servers this might be a bit overkill, so you prolly
can get away with only choosing good passwords for root and others
--
,-------------------------------------------.
> Name: Alson van der Meulen <
> Personal: alson@linuxfreak.nl <
> School: alson@gymnasiumleiden.nl <
`-------------------------------------------'
Say, What does "Superblock Error" mean, anyhow?
---------------------------------------------
Reply to: