[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh, su and root access

On Mon, 2004-11-01 at 12:11 +0100, Luis Fernando Llana Díaz wrote:
> Hi all,
>   I have a doubt. I ussually use ssh to access remote machines 
> without sending any password (PasswordAuthentication no) and I
> store private keys with the help of ssh-agent.
>   This is valid also to login as another users (including root)
> in the local machine (ssh root@localhost). With the help of ssh
> agent, on can open several root sessions by only asking one 
> password: the one of my private key "id_rsa". In this way I void
> tping a root password any time I want to be root.
> It is very easy for me to work this way, but I would to know if
> there could be aware of any possible security problems to do so.
> The only problem is that if I make ssh root@localhost, its gain
> root privileges whitout asking any password.

You are right to fear.  Disable root logins via ssh, and use su
and sudo on the remote box to do root stuff.

Ron Johnson, Jr.
Jefferson, LA USA
PGP Key ID 8834C06B

"Would you mind not firing on the thermonuclear weapons?"
A great line, from a *great* action flick: Broken Arrow

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: