
Re: root via ssh / why su - ?



On Sun, May 27, 2001 at 12:39:54PM +0200, Timo Blazko Boewing wrote:
> A silly theoretical question: in a ssh thread above, one got the answer *not* 
> to enable root user access to a station, it would be better to use a limited 
> user account and then gain access via su or that.
> What is the difference between that. Don't I have full admin rights with su?
> Or if I have, what is the difference? Is it cos a direct root login allows to 
> exploit the sys due to some scripts that get autom. exec'd?
> I just want to know....cos thus I know why I do things that way :-)

Two reasons come to mind:

1)  In order to gain remote root access, an attacker must first compromise a
user account to log in with.  Simply obtaining the root password is not
sufficient.

2)  It is possible (though not likely) that there may be a little-known
technique for sniffing the data sent while establishing an ssh connection.
If such a technique were to exist, disabling root logins would ensure that an
attacker using it would only get a user password while the root password
would remain secure.

-- 
That's not gibberish...  It's Linux. - Byers, The Lone Gunmen
Geek Code 3.12:  GCS d? s+: a C++ UL++++$ P++>+++ L+++>++++ E- W--(++) N+
o+ !K w--- O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv+ b+ DI++++ D G e* h r y+
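
One way to check that a host follows the advice above, as an added example that is not part of the original message: a shell audit of the `PermitRootLogin` directive in an sshd_config file. The function names and the sample configs are constructed for illustration, and the parser assumes the plain `Keyword value` form (no `Include` files, `=` separators or quoted values).

```shell
#!/bin/sh
# Print the effective global PermitRootLogin value from an sshd_config file.
# sshd keeps the first value it reads for a keyword, keyword names are
# case-insensitive, and anything after a "Match" line is conditional.
effective_root_login() {
    awk '
        { sub(/[#].*/, "") }                 # strip comments
        NF == 0 { next }                     # skip blank lines
        { key = tolower($1) }
        key == "match" { exit }              # global section ends here
        key == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Map the value to what it means for the two reasons given in the reply.
audit_root_login() {
    value=$(effective_root_login "$1")
    case "$value" in
        no)
            echo "OK: root cannot log in over ssh; a user account plus su is required" ;;
        prohibit-password|without-password|forced-commands-only)
            echo "PARTIAL: root may log in, but never with the root password" ;;
        yes)
            echo "WEAK: the root password alone is enough for a remote root login" ;;
        unset)
            echo "CHECK: not set globally, so sshd's built-in default applies" ;;
        *)
            echo "CHECK: unrecognised value '$value'" ;;
    esac
}

# Constructed sample configs (not taken from any real host).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# hardened' 'PermitRootLogin no' 'PermitRootLogin yes' > "$dir/hardened"
    printf '%s\n' 'Port 22' 'permitrootlogin yes   # legacy' > "$dir/weak"
    printf '%s\n' 'Port 22' 'Match Address 10.0.0.0/8' '    PermitRootLogin no' > "$dir/matchonly"
    for f in hardened weak matchonly; do
        printf '%s: %s\n' "$f" "$(audit_root_login "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

The `matchonly` case is the one worth noticing: a `PermitRootLogin no` that appears only inside a `Match` block does not restrict root logins from other sources.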


