How is sudo any more secure than root ssh logins with a password? In either case, if you can guess ONE password, you get remote root...
Posted Feb 15, 2007 21:21 UTC (Thu) by rfunk (subscriber, #4054)
Posted Feb 16, 2007 0:25 UTC (Fri) by dd9jn (subscriber, #4459)
FWIW, I was talking about public key authentication for root access. This also means that revoking access is as simple as deleting one line from authorized_keys.
Where do you see the problem? I agree that logging of access is not as it should be but it is still available and come on, having root access does on most systems mean you have all the power to manipulate the logs. So why care?
Posted Feb 19, 2007 15:54 UTC (Mon) by hein.zelle (guest, #33324)
One reason I care is that it's easy to accidentally turn password authentication back on. On many Debian systems I've seen, the option UsePAM (on by default) effectively allows password authentication, even when PasswordAuthentication is off. This is not the case on the latest Ubuntu, but dangerous nevertheless. I'd rather have an ssh login as a regular user, and then become root using su.
What is the reasoning behind not using su to become root? I understand the password will go over the line, but it's encrypted. Is this advised against for fear of keyloggers or so?
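An added example, not part of any commenter's post: a small audit of sshd_config text for the situation described in the comment above, where PAM keyboard-interactive authentication still accepts a password although PasswordAuthentication is off. The function names, the finding codes and the DEFAULTS table are assumptions made for this sketch; defaults differ between OpenSSH versions and distributions, so confirm the effective values with `sshd -T`.

```python
# Added example: audit sshd_config text for password-style logins that survive
# "PasswordAuthentication no". DEFAULTS are assumptions; versions and distros differ.
DEFAULTS = {
    "passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
    "usepam": "no", "permitrootlogin": "prohibit-password",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}  # older name

def effective_settings(config_text):
    """Global settings as sshd reads them: the first value for a keyword wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks follow; this sketch audits globals only
        key = ALIASES.get(key, key)
        settings.setdefault(key, parts[1].lower())
    return {**DEFAULTS, **settings}

def audit(config_text):
    """Return finding codes for ways a password can still authenticate."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] == "yes":
        findings.append("password-auth-enabled")
    if s["usepam"] == "yes" and s["kbdinteractiveauthentication"] == "yes":
        findings.append("pam-keyboard-interactive-enabled")
    if findings and s["permitrootlogin"] == "yes":
        findings.append("root-password-login-possible")
    return findings

# Constructed sample resembling the situation in the comment above.
SAMPLE = """\
PasswordAuthentication no
UsePAM yes
ChallengeResponseAuthentication yes
PermitRootLogin yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Settings inside Match blocks are not evaluated by this sketch, so a clean result covers the global section only.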
Posted Feb 16, 2007 2:27 UTC (Fri) by smoogen (subscriber, #97)
In the case of small teams.. you may not feel that you need this, but it comes in handy if the business grows... you find yourself with 12-20 people with the root password.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds