Authenticating locally? How's that going to happen? You still need a password to get root xs .. or else some sort of 'proof' to give the box that you are allowed to have root ..
I think that in any other way the root pass still goes over the line..

----
> SELECT * FROM users WHERE clue > 0;
0 rows returned

-----Original Message-----
From: Chris Berry [mailto:compjma@;hotmail.com]
Sent: Wednesday, October 16, 2002 03:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Is SSH worth it??

>From: Johan De Meersman <[EMAIL PROTECTED]>
>>>I don't think it's ever a good idea to allow root ssh to any
>>>machine
>>Why not? Also, how are you going to remote administer it without
>>some sort of control SSH, VNC, etc?
>Because the first shell exploit or key theft will give root access
>instead of low-user access. Remote control is achieved by ssh-ing
>as low-user, and then su-ing to root, thereby doubling the work
>involved in rooting the box. You still need decent passphrases on
>both your keys and your root account, of course. You can also allow
>root ssh from localhost only, adding a tiny bit more security still
>by not su-ing but ssh-ing to root.

Doesn't this actually lower your security by requiring you to transmit your password when you do the SU command, rather than authenticating locally?

Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates

"I have found the way, and the way is Perl."
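
The setup discussed in this thread (no direct root login over the network, root reachable only via a low-privilege account or from localhost), written out as an sshd configuration. This is an added example, not part of the original messages; it assumes OpenSSH's sshd with its configuration in /etc/ssh/sshd_config and a version that accepts `prohibit-password` (older releases spell it `without-password`).

```conf
# /etc/ssh/sshd_config (added example, assumed path)

# Weak setting the thread argues against: root can log in directly
# from any network address, so one stolen key or password is root.
# PermitRootLogin yes

# Hardened default: remote users log in as a low-privilege account
# and then su to root, so two credentials are needed instead of one.
PermitRootLogin no

# Optional variant from the thread: allow "ssh root@localhost" for
# users who are already logged in on the box, with key-based
# authentication only (no root password accepted over SSH).
Match Address 127.0.0.1,::1
    PermitRootLogin prohibit-password
```

`sshd -t` checks the file for syntax errors before the daemon is reloaded. With this layout the root password typed at the `su` prompt travels inside the already-encrypted SSH session of the low-privilege login.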
