Chris Santerre wrote: >You know I always wondered about this method. su - has you input a password. >So If a sysadmin is on a cable modem at home, logs in as normal user w/ ssh, >then does an su - and enters password, How is that any different? You are >being sniffed on the cable network. Keep in mind you can now sniff SSH >packets. So how could this be more secure? So wouldn't a hacker now have >both the first user pass and the su - ? > Hell, you can get hit by a car on the pavement, why not just walk in the middle of the road ? Because walking on the pavement lessens the chance of being hit, that's why.
While it's true that rsa1 packets can be sniffed now, I still have to see the first exploit that can sniff and actually decode DSA (ssh protocol 2) packets. > >-----Original Message----- >From: Graham, Randy (RAW) [mailto:grahamrw@;y12.doe.gov] >Sent: Monday, October 14, 2002 3:21 PM >To: Chris Berry; [EMAIL PROTECTED] >Subject: RE: Is SSH worth it?? > > >You ssh as a normal user and then use 'su -' to switch over to root. >Without that, you have no way of knowing who connected to a server as root. >By forcing connections as normal users and using su, you can have some >auditing (to prevent the "I didn't do it" syndrome). > >Randy Graham > > -- Public GPG key at blackhole.pca.dfn.de .
msg08966/pgp00000.pgp
Description: PGP signature
