Re: Root SSH permitted by default (was: how does root run a graphical prog)
Colin Watson wrote:
>
> On Mon, May 20, 2002 at 01:37:49PM -0500, Jamin W. Collins wrote:
> > On Mon, 20 May 2002 19:01:50 +0100
> > "Colin Watson" <cjwatson@debian.org> wrote:
> > > Not in woody and sid, at least. See the paragraphs in
> > > /usr/share/doc/ssh/README.Debian headed "PermitRootLogin set to yes".
> >
> > Man, talk about a bad stance to take. Personally, I'd say this is a bug
> > in the default configuration. However, it appears that the package
> > maintainer does not agree:
>
> *sigh*
>
> Like the document says, regularly su'ing to root from an account makes
> compromising that account essentially equivalent to compromising root
> anyway. I don't see a problem with the default configuration, and nor do
> OpenSSH upstream.
... stood on the sidelines long enough ...
Here's my lack of understanding:
[a] ssh root@remote.system requires cracking only one (1) string:
[1] root's password
[b] ssh mortal_user@remote.system requires cracking three (3) separate
strings:
[1] mortal_user's username (without this, there is not even system
access);
[2] mortal_user's password; and
[3] root's password
Since _god_ on a given system is almost always root or administrator, I
fail to see how [a] can be considered at least as secure as [b].
What am I missing?
--
Best Regards,
mds
mds resource
888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: