On Tue, 2004-08-10 at 08:54, Alexander Dalloz wrote: > Am Di, den 10.08.2004 schrieb Dave Rinker um 6:30: > > > I agree with both comments but recommend that you disable the ability of > > root to login at all. Users can always su to root. > > That has the severe downside, that if someone got on the system as an > unprivileged user he could sniff while you are su'ing to root, which is > not successful if you ssh in as root using publick key authentication > rather than password authentication. > > Alexander Your saying that if you use ssh2 to connect to a server and the su to root that they can sniff your root password? I don't think that would work. The main reason I always suggest people login with a normal user ID and then su to root if needed is so there is an audit trail on the servers. I can see who actually logged in and jumped to root instead of just seeing that someone that knew root logged in. And true, someone with root privileges could attempt to cover their tracks by mucking with the log files. -- Scot L. Harris <webid@xxxxxxxxxx>
