also sprach Crispin Wellington <crispin@aeonline.net> [2002.07.31.1645 +0200]: > > you did. bad idea. > > Why is it a bad idea? Any compromise of ssh will give the user root > anyway because it runs at user level root. accounting... > > why need it? > > X forwarding. > > I use ssh-agent, with > > alias root='ssh -X root@localhost' > > And my key in root's authorized_keys. > > Saves constantly retyping the password if i ever find a box of yours, i'll have instant root. it's bad for two reasons: (a) you are allowing root to login directly, and that not only from localhost. you have no chance to see who actually just became root. (b) you get an unrestricted root shell. with sudo, you get granular control of what you can do. the last time i had to get into a root shell was like last year. i do everything through sudo and everything works. and yet, i would never succeed to `rm -rf /` by accident. > > sudo sudo sudo sudo sudo! > > xauth xauth xauth xauth! > > Or do you use xhost +localhost (shudder). no need with sudo. anyway, explain just why xhost +localhost is so much worse that ssh -X localhost. it's definitely faster. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck it may look like i'm just sitting here doing nothing. but i'm really actively waiting for all my problems to go away.
Attachment:
pgpBx5l8LV1Xs.pgp
Description: PGP signature