On 15/10/02 14:39 -0400, Chris Santerre wrote: > You know I always wondered about this method. su - has you input a password. > So If a sysadmin is on a cable modem at home, logs in as normal user w/ ssh, > then does an su - and enters password, How is that any different? You are > being sniffed on the cable network. Keep in mind you can now sniff SSH > packets. So how could this be more secure? So wouldn't a hacker now have > both the first user pass and the su - ? Because the network traffic in a ssh connection is strongly encrypted (its Secure shell), the cracker will have to do some rather powerful decryption to get the password. There was a bug in OpenSSH that would allow the specific encrypted text to be picked off the network (timing issues, password characters were sent as sinlge bytes), but that has been fixed a long time back. Try snifing ssh encrypted traffic.
Oh, and by using keys, your password never crosses the network at all. Plus, sudo is a lot more useful in such cases. You can grant relatively granular access using sudo, without having to divulge the root password. Hmmmm, given that a large part of admin requires editing of files, $sudo vim :!sh # is an easy way to get a root shell without ever using the root password. Devdas Bhagat
