User: Password:
|
|
Subscribe / Log in / New account

remote root

remote root

Posted Feb 16, 2007 0:25 UTC (Fri) by dd9jn (subscriber, #4459)
In reply to: remote root by rfunk
Parent article: Linux botnets

"Allowing direct root access means that root access is not revokable
per-admin; if the password is somehow compromised"

FWIW, I was talking about public key authentication for root access. This also means that revoking access is as simple as deleting one line from authorized_keys.

Where do you see the problem? I agree that logging of access is not as it should be but it is still available and come one, having root access does on most systems mean you have all the power to manipulate the logs. So why care.


(Log in to post comments)

remote root

Posted Feb 19, 2007 15:54 UTC (Mon) by hein.zelle (guest, #33324) [Link]

> Where do you see the problem? I agree that logging of access is not as it
> should be but it is still available and come one, having root access does
> on most systems mean you have all the power to manipulate the logs. So
> why care.

One reason I care is that it's easy to accidently turn password authentication back on. On many debian systems I've seen, the option UsePAM (on by default) effectively allows password authentication, even when PasswordAuthentication is off. This is not the case on the latest ubuntu, but dangerous nevertheless. I'd rather have an ssh login as a regular user, and then become root using su.

What is the reasoning behind not using su to become root? I understand the password will go over the line, but it's encrypted. Is this advised against for fear of keyloggers or so?


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds