On Wed, 22 May 2002 14:40:15 -0700 "Vineet Kumar" <[EMAIL PROTECTED]> wrote:
> * Michael D. Schleif ([EMAIL PROTECTED]) [020521 12:10]:
> > Here's my lack of understanding:
> >
> > [a] ssh [EMAIL PROTECTED] requires cracking only one (1) string:
> > [1] root's password
> >
> > [b] ssh [EMAIL PROTECTED] requires cracking three (3) separate
> > strings:
> > [1] mortal_user's username (without this, there is not even system
> > access);
> > [2] mortal_user's password; and
> > [3] root's password
> >
> > Since _god_ on a given system is almost always root or administrator,
> > I fail to see how [a] can be considered at least as secure as [b].
> >
> > What am I missing?
>
> The point is that once you have [b1] and [b2], [b3] is as easy to get
> by dropping in a new '~/bin/su' which will read a password, pretend to
> the user that there was a typo, read it again, email you the password,
> delete itself, and then perform the real /bin/su.

Correct. Assuming that the cracker has [b1] & [b2] & the system is
allowed to send the message out. However the cracker must gain the
above before becoming root. They can't simply step right in via root
allowed logins and password authentication.

> So this boils down to [b] is better because of [b1], which I think we'll
> all agree isn't *that* difficult to get, if you know anyone who has an
> account on the machine, or even just patience and a watchful eye.
> Generally usernames aren't kept super-super secret.

Which in and of itself is a good argument for using keyed access rather
than password based authentication for SSH (or other remote shells).

--
Jamin W. Collins
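An added example, not part of the original message and not OpenSSH code: a small audit of the global section of an `sshd_config` for the two settings this thread turns on, direct root login (case [a]) and password authentication. The function names, finding strings and sample configurations are constructed for illustration, and the defaults assume OpenSSH 7.0 or later.

```python
import re

# Defaults when a keyword is absent (assumption: OpenSSH 7.0 or later).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

def effective_global(config_text):
    """Effective values for the global section of an sshd_config.

    sshd keeps the first value it reads for each keyword, and everything
    after the first Match line is conditional, so parsing stops there.
    """
    values = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace and/or '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        if keyword == "match":
            break
        args = parts[1].split() if len(parts) == 2 else []
        if keyword in DEFAULTS and keyword not in values and args:
            values[keyword] = args[0].strip('"').lower()
    return {**DEFAULTS, **values}

def audit(config_text):
    """Return findings tied to the cases discussed in the thread."""
    cfg, findings = effective_global(config_text), []
    if cfg["permitrootlogin"] == "yes" and cfg["passwordauthentication"] == "yes":
        findings.append("case [a]: root reachable with one password guess")
    if cfg["passwordauthentication"] == "yes":
        findings.append("password logins enabled: keys not required")
    return findings

# Constructed sample configurations.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = """# constructed sample
PermitRootLogin no
PasswordAuthentication no
PermitRootLogin yes
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, effective_global(text), audit(text))
```

The sketch does not follow `Include` directives or evaluate `Match` blocks; `sshd -T` prints the configuration the installed daemon would actually apply.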