On Tue, 2004-08-10 at 09:12, Scot L. Harris wrote: > On Tue, 2004-08-10 at 08:54, Alexander Dalloz wrote: > > Am Di, den 10.08.2004 schrieb Dave Rinker um 6:30: > > > > > I agree with both comments but recommend that you disable the ability of > > > root to login at all. Users can always su to root. > > > > That has the severe downside, that if someone got on the system as an > > unprivileged user he could sniff while you are su'ing to root, which is > > not successful if you ssh in as root using publick key authentication > > rather than password authentication. > > > > Alexander > > Your saying that if you use ssh2 to connect to a server and the su to > root that they can sniff your root password? > > I don't think that would work. > > The main reason I always suggest people login with a normal user ID and > then su to root if needed is so there is an audit trail on the servers. > I can see who actually logged in and jumped to root instead of just > seeing that someone that knew root logged in. > > And true, someone with root privileges could attempt to cover their > tracks by mucking with the log files. > > -- > Scot L. Harris <webid@xxxxxxxxxx> I believe what he is saying is that if someone is already sniffing, then they will get the root password. -- jludwig <wralphie@xxxxxxxxxxx>
