MORE SSH Hacking: heads-up

jludwig wralphie at comcast.net
Tue Aug 10 15:02:06 UTC 2004


On Tue, 2004-08-10 at 09:12, Scot L. Harris wrote:
> On Tue, 2004-08-10 at 08:54, Alexander Dalloz wrote:
> > On Tue, 10.08.2004 at 6:30, Dave Rinker wrote:
> > 
> > > I agree with both comments but recommend that you disable the ability of
> > > root to login at all. Users can always su to root.
> > 
> > That has the severe downside, that if someone got on the system as an
> > unprivileged user he could sniff while you are su'ing to root, which is
> > not successful if you ssh in as root using public key authentication
> > rather than password authentication.
> > 
> > Alexander
> 
> You're saying that if you use ssh2 to connect to a server and then su to
> root that they can sniff your root password?
> 
> I don't think that would work.
> 
> The main reason I always suggest people login with a normal user ID and
> then su to root if needed is so there is an audit trail on the servers. 
> I can see who actually logged in and jumped to root instead of just
> seeing that someone that knew root logged in.
> 
> And true, someone with root privileges could attempt to cover their
> tracks by mucking with the log files.  
>  
> -- 
> Scot L. Harris <webid at cfl.rr.com>
I believe what he is saying is that if someone is already sniffing, then
they will get the root password.
-- 
jludwig <wralphie at comcast.net>
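
The audit-trail argument in the quoted message above, shown as an added example that is not part of the original thread: a Python sketch that correlates SSH logins with later `su` sessions to show which named account reached root, next to a direct root login that identifies nobody. The log lines are constructed, and their format (sshd and pam_unix messages as found in a file such as /var/log/secure) is an assumption that varies by distribution and PAM version.

```python
import re

# Constructed sample lines; real formats differ between distributions (assumption).
SAMPLE_LOG = """\
Aug 10 09:01:12 host1 sshd[2101]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Aug 10 09:02:40 host1 su: pam_unix(su:session): session opened for user root by alice(uid=500)
Aug 10 09:15:03 host1 sshd[2188]: Accepted password for root from 192.0.2.77 port 41811 ssh2
Aug 10 09:20:55 host1 sshd[2203]: Accepted password for bob from 192.0.2.31 port 38110 ssh2
Aug 10 09:21:30 host1 su: pam_unix(su:auth): authentication failure; logname=bob uid=501 euid=0 tty=pts/2 ruser=bob rhost=  user=root
"""

SSH_OK = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")
SU_OPEN = re.compile(
    r"su: pam_unix\(su:session\): session opened for user root by (\S+)\(uid=\d+\)")
SU_FAIL = re.compile(
    r"su: pam_unix\(su:auth\): authentication failure;.*\bruser=(\S+).*\buser=root")


def root_access_trail(log_text):
    """Return (event, account, detail) tuples for every path to root in the log."""
    logins = {}  # account -> (auth method, source) of its most recent SSH login
    trail = []
    for line in log_text.splitlines():
        if m := SSH_OK.search(line):
            method, user, src = m.groups()
            if user == "root":
                # Direct root login: the log names only the shared account.
                trail.append(("direct-root-login", "root", f"{method} from {src}"))
            else:
                logins[user] = (method, src)
        elif m := SU_OPEN.search(line):
            user = m.group(1)
            method, src = logins.get(user, ("?", "local or unseen login"))
            trail.append(("su-to-root", user, f"{method} from {src}"))
        elif m := SU_FAIL.search(line):
            trail.append(("su-failed", m.group(1), "authentication failure"))
    return trail


if __name__ == "__main__":
    for event in root_access_trail(SAMPLE_LOG):
        print(*event, sep=" | ")
```

As the quoted message notes, this trail is only as trustworthy as the log files themselves, which someone with root privileges can alter.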