
Re: Root SSH permitted by default (was: how does root run a graphical prog)



* Michael D. Schleif (mds@helices.org) [020521 12:10]:
> Here's my lack of understanding:
> 
> [a] ssh root@remote.system requires cracking only one (1) string:
>     [1] root's password
> 
> [b] ssh mortal_user@remote.system requires cracking three (3) separate
> strings:
>     [1] mortal_user's username (without this, there is not even system
> access);
>     [2] mortal_user's password; and
>     [3] root's password
> 
> Since _god_ on a given system is almost always root or administrator, I
> fail to see how [a] can be considered at least as secure as [b].
> 
> What am I missing?

The point is that once you have [b1] and [b2], [b3] is as easy to get
by dropping in a new '~/bin/su' which will read a password, pretend to
the user that there was a typo, read it again, email you the password,
delete itself, and then perform the real /bin/su.

The idea is that a user account which often su's is as good as a root
account. One that often sudo's is even easier (if you actually have the
password and not just a backdoor of some sort).

So this boils down to [b] is better because of [b1], which I think we'll
all agree isn't *that* difficult to get, if you know anyone who has an
account on the machine, or even just patience and a watchful eye.
Generally usernames aren't kept super-super secret.

good times,
Vineet
-- 
Currently seeking opportunities in the SF Bay Area
Please see http://www.doorstop.net/resume.shtml

Attachment: pgp5eztgCAlP3.pgp
Description: PGP signature
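
An added example, not part of the original message: a shell check for the `~/bin/su` shadowing described above. It reports when `su` or `sudo` resolves through `PATH` to a file outside the system directories. The function names and the `TRUSTED_DIRS` list are assumptions of this example; adjust the list for your distribution.

```shell
#!/usr/bin/env bash
# Added example: flag privileged commands that PATH resolves outside
# trusted system directories (e.g. a planted ~/bin/su ahead of /bin/su).

# Assumption: directories where su/sudo legitimately live on this host.
TRUSTED_DIRS="/bin /usr/bin /sbin /usr/sbin"

# first_in_path CMD PATHSTRING: print the first executable file named CMD,
# walking PATHSTRING in order exactly as the shell would.
first_in_path() {
    local cmd=$1 path=$2 dir
    local IFS=:
    for dir in $path; do
        [ -z "$dir" ] && dir=.      # an empty PATH entry means the current directory
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
            return 0
        fi
    done
    return 1
}

# is_trusted_dir DIR: succeed if DIR is listed in TRUSTED_DIRS.
is_trusted_dir() {
    local d
    for d in $TRUSTED_DIRS; do
        [ "$1" = "$d" ] && return 0
    done
    return 1
}

# check_cmd CMD PATHSTRING: print "OK <file>", "SHADOWED <file>" or
# "MISSING <cmd>"; return 0 only for OK.
check_cmd() {
    local hit
    hit=$(first_in_path "$1" "$2") || { echo "MISSING $1"; return 2; }
    if is_trusted_dir "$(dirname "$hit")"; then
        echo "OK $hit"
        return 0
    fi
    echo "SHADOWED $hit"
    return 1
}

# Audit the current session's PATH; findings are printed, not fatal.
for c in su sudo; do
    check_cmd "$c" "$PATH" || true
done
```

Run it as the account being audited, with that account's login environment loaded, since the result depends on that user's `PATH`. A `SHADOWED` line is a prompt to inspect the file, not proof of tampering.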