[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sudo password visible through ssh command line

On Thu, Jul 10, 2008 at 3:11 PM, Alex Samad <alex@samad.com.au> wrote:
> other have answered was to get around this.  How about ssh straight to
> root@ the box (turn sshd to allow root login by sign only and set a

I don't think this is such a good idea, because direct outside root
logins should be disabled anyway. Think of it like this - if the user
knows he can get root without having to know the password of an
unprivileged user, it's that much easier for him to get in. Rather,
disallow those logins and make outside users use sudo, and make even
that practice suspect (of course there are reasons to let outsiders -
in the sense they don't have physical access to the system in to do
root things).

Of course, passphrases are the thing to setup - especially on direct
root logins as it makes the chance of J. Random Hacker (think of all
the script kiddies from overseas banging into your box at night)
getting through and doing potential harmful things.
Reply to: