
Re: Why Disable Root ssh login?



On Fri, Dec 15, 2006 at 02:35:50PM +0100, Olive wrote:
> 
> >Because, to login from outside you will need to guess a valid username
> >and the corresponding password. After that the root password will have
> >to be guessed locally which would leave a fat trace in the logs. In
> >addition, most of the bots around try to guess the root password and do
> >not spend a lot of time for normal accounts. 
> >
> >Now, if you always have strong password, this should not matter. But
> >there is still the risk that your password looks like an obfuscated and
> >misspelled version of a foreign word which you have no clue about but a
> >lucky bot operator will try. You could also have your password leaked for
> >a stupid reason. In which case requiring a su/sudo will put a name on
> >the perpetrator...
> >
> >It is just my opinion on it but I hope it helps. 
> 
> This answer isn't entirely convincing. For example if you can sudo with 
> the normal password account, I do see any difference in security in 
> allowing root ssh or not. The logs are useful as long as the offender 
> did not succeed to have root access, after that it is very easy for the 
> offender to clear the logs.

Well, if sudo is well configured, it does not give complete root access.
It should be limited to mostly inoffensive command options and require
the password for the rest. As for the logs, you are right in the case
where they are kept local, but any reasonable size network will use a
separate node with a different password as a loghost. All the failed
attempts will be sent there and recorded before any successful promotion.
Those will be much harder to erase. But you are right I should have
mentioned it. 

jacques
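
The log trail discussed in this thread, as an added example that is not part of the original messages: a small parser of the kind a loghost could run to separate anonymous remote guesses at root from local su attempts that name an account. The message formats follow OpenSSH and shadow su as an assumption, and the sample lines, host, user names and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (made-up host and users; 203.0.113.0/24 is a
# documentation address range). Formats assumed: OpenSSH sshd and shadow su.
SAMPLE = """\
Dec 15 14:01:02 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 4242 ssh2
Dec 15 14:01:04 web1 sshd[1203]: Failed password for root from 203.0.113.5 port 4243 ssh2
Dec 15 14:01:07 web1 sshd[1205]: Failed password for invalid user admin from 203.0.113.5 port 4244 ssh2
Dec 15 14:09:30 web1 sshd[1302]: Accepted password for olive from 203.0.113.5 port 4300 ssh2
Dec 15 14:10:01 web1 su[1310]: FAILED su for root by olive
Dec 15 14:10:09 web1 su[1312]: FAILED su for root by olive
Dec 15 14:10:40 web1 su[1315]: Successful su for root by olive
"""

SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
SSH_OK = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")
SU = re.compile(r"su\[\d+\]: (FAILED|Successful) su for (\S+) by (\S+)")

def summarize(text):
    """Return what a loghost can say about remote guesses and local escalation."""
    ssh_failed = Counter()   # (target user, source IP) -> failed ssh logins
    logins = {}              # account -> source IP of its last accepted login
    su_failed = Counter()    # (acting account, target account) -> failed su
    escalations = []         # (acting account, target account, source IP or None)
    for line in text.splitlines():
        if m := SSH_FAIL.search(line):
            ssh_failed[(m.group(1), m.group(2))] += 1
        elif m := SSH_OK.search(line):
            logins[m.group(1)] = m.group(2)
        elif m := SU.search(line):
            outcome, target, actor = m.groups()
            if outcome == "FAILED":
                su_failed[(actor, target)] += 1
            else:
                # A successful su is tied to a named account and its ssh source.
                escalations.append((actor, target, logins.get(actor)))
    return ssh_failed, su_failed, escalations

if __name__ == "__main__":
    ssh_failed, su_failed, escalations = summarize(SAMPLE)
    for (user, ip), n in ssh_failed.items():
        print(f"remote guess: {n} failed ssh login(s) as {user} from {ip}")
    for (actor, target), n in su_failed.items():
        print(f"local guess: {n} failed su to {target} by {actor}")
    for actor, target, ip in escalations:
        print(f"escalation: {actor} -> {target} (ssh session from {ip})")
```

With root ssh login disabled, the only path to root in these records runs through the su lines, each of which carries the name of the account that was used.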
