Posted Feb 19, 2007 15:54 UTC (Mon) by hein.zelle
In reply to: remote root
Parent article: Linux botnets
> Where do you see the problem? I agree that logging of access is not as it
> should be but it is still available and come one, having root access does
> on most systems mean you have all the power to manipulate the logs. So
> why care.
One reason I care is that it's easy to accidently turn password authentication back on. On many debian systems I've seen, the option UsePAM (on by default) effectively allows password authentication, even when PasswordAuthentication is off. This is not the case on the latest ubuntu, but dangerous nevertheless. I'd rather have an ssh login as a regular user, and then become root using su.
What is the reasoning behind not using su to become root? I understand the password will go over the line, but it's encrypted. Is this advised against for fear of keyloggers or so?
to post comments)