Re: Is SSH worth it??

[Johan De Meersman <johan () ops skynet be>]

Chris Santerre wrote:

> You know I always wondered about this method. su - has you input a password.
> So If a sysadmin is on a cable modem at home, logs in as normal user w/ ssh,
> then does an su - and enters password, How is that any different? You are
> being sniffed on the cable network. Keep in mind you can now sniff SSH
> packets. So how could this be more secure? So wouldn't a hacker now have
> both the first user pass and the su - ?
Hell, you can get hit by a car on the pavement, why not just walk in the
middle of the road ? Because walking on the pavement lessens the chance
of being hit, that's why.

While it's true that rsa1 packets can be sniffed now, I still have to
see the first exploit that can sniff and actually decode DSA (ssh
protocol 2) packets.

> -----Original Message-----
> From: Graham, Randy (RAW) [mailto:grahamrw () y12 doe gov]
> Sent: Monday, October 14, 2002 3:21 PM
> To: Chris Berry; security-basics () securityfocus com
> Subject: RE: Is SSH worth it??
>
>
> You ssh as a normal user and then use 'su -' to switch over to root.
> Without that, you have no way of knowing who connected to a server as root.
> By forcing connections as normal users and using su, you can have some
> auditing (to prevent the "I didn't do it" syndrome).
>
> Randy Graham
>  


-- 
Public GPG key at blackhole.pca.dfn.de .

Attachment: _bin
Description: