On Tue, 12 Dec 2000, David Talkington wrote:
> If clear text transmission of a root password is the issue, then
> you're at just as much risk from a sniffer on the wire regardless of
> whether you log in directly or connect as a normal user and then su -.
There are several password collection tools that hunt the net specifically
for people logging in as root. Tracking an entire TCP session and looking
for "su -" is very expensive, especially when you limit privileges to su to
a particular group. At the very least, two passwords is better than one.
Better yet, don't use su at all and use sudo.
> If, on the other hand, the idea is to prevent a single stolen password
> from resulting in a root compromise, then why is ssh root@somewhere
> not discouraged for the same reason?
SSH encrypts the entire session, including the password exchange. In
addition, SSH prevents people from hijacking your TCP connection. You are
protected from sniffers and all sorts of man-in-the-middle attacks, replay
attacks, and any other network-based attack you can imagine.
In its most secure form, though, ssh root@somewhere would not use the
root password at all, but you would register a public DSA (or RSA) key on
the somewhere host, and then only your private key (secured with a
suitable passphrase) would be able to access the server. The whole
authentication process occurs without passwords, encrypted or otherwise, so
even if someone compromised the somewhere host, they still couldn't
possibly learn any actual passwords.
thornton
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
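The message above recommends key-only root login over SSH. On the server side that is a matter of two sshd_config directives, and a practitioner checking a host for the weak setting has to read the file the way sshd does: keywords are case-insensitive, "Keyword value" and "Keyword=value" are both accepted, comments are skipped, the first value seen for a keyword wins (later duplicates are ignored), and anything after a Match line is conditional rather than global. The following is an added example, not code from the thread or from OpenSSH: a POSIX shell audit that resolves the effective PermitRootLogin and PasswordAuthentication values from a config text and flags the combination that lets root log in with the root password. The two sample configs are constructed for the example. One present-day caveat on the message's key advice: DSA (ssh-dss) keys are no longer accepted by default in current OpenSSH, so register an ed25519 or RSA key instead (ssh-keygen -t ed25519, then ssh-copy-id root@somewhere).

```shell
#!/bin/sh
# Added example (not from the original thread): audit sshd_config text for
# the settings the discussion turns on. Sample configs are constructed.

# Weak: root may log in with the root password, exactly what a sniffer
# hunting for root logins is after.
WEAK_CONFIG='# constructed sample sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
'

# Hardened: root only via a registered public key, no passwords for anyone.
# The duplicate "PermitRootLogin yes" near the end is deliberate: sshd uses
# the FIRST value it sees for a keyword, so that line has no effect. The
# Match block at the end is not global and must not be read as such.
HARDENED_CONFIG='# constructed sample sshd_config
Port 22
permitrootlogin=prohibit-password
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin yes
Match User deploy
    PasswordAuthentication yes
'

# sshd_effective CONFIG_TEXT KEYWORD DEFAULT
# Print the effective global value of KEYWORD, or DEFAULT if unset:
# keywords compare case-insensitively, "Key value" and "Key=value" both
# parse, comments and blank lines are skipped, the first match wins, and
# parsing stops at the first Match line (everything after it is conditional).
sshd_effective() {
    _val=$(printf '%s\n' "$1" | awk -v key="$2" '
        { sub(/^[[:space:]]+/, "") }
        /^(#|$)/ { next }
        { n = split($0, f, /[[:space:]=]+/) }
        tolower(f[1]) == "match" { exit }
        n >= 2 && tolower(f[1]) == tolower(key) { print f[2]; exit }')
    printf '%s\n' "${_val:-$3}"
}

# audit_sshd_config CONFIG_TEXT
# Print one finding per line; print nothing if the config passes.
# Defaults assumed here match current OpenSSH: PermitRootLogin defaults to
# prohibit-password, PasswordAuthentication defaults to yes.
audit_sshd_config() {
    _root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    _pass=$(sshd_effective "$1" PasswordAuthentication yes)

    if [ "$_root" = yes ] && [ "$_pass" = yes ]; then
        echo "FAIL PermitRootLogin=yes with PasswordAuthentication=yes:" \
             "root can log in with the root password"
    fi
    if [ "$_pass" = yes ]; then
        echo "WARN PasswordAuthentication=yes: key-based login is not enforced"
    fi
    if [ "$_root" = yes ] && [ "$_pass" != yes ]; then
        echo "WARN PermitRootLogin=yes: prefer prohibit-password so a later" \
             "PasswordAuthentication change cannot reopen root"
    fi
    case "$_root" in
        yes|no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "WARN PermitRootLogin=$_root: unrecognised value" ;;
    esac
}

# Stand-alone usage: audit both samples, then a live file if present.
audit_sshd_config "$WEAK_CONFIG"
audit_sshd_config "$HARDENED_CONFIG"
[ -r /etc/ssh/sshd_config ] && audit_sshd_config "$(cat /etc/ssh/sshd_config)"
```

Run against a live host with `sshd -T` output instead of the raw file when possible: `sshd -T` prints the fully resolved configuration (includes, defaults and first-match rules already applied), which sidesteps the parsing pitfalls the audit function has to handle by hand.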