RE: Is SSH worth it??

[Chris Santerre <csanterre () MerchantsOverseas com>]

You know I always wondered about this method. su - has you input a password.
So If a sysadmin is on a cable modem at home, logs in as normal user w/ ssh,
then does an su - and enters password, How is that any different? You are
being sniffed on the cable network. Keep in mind you can now sniff SSH
packets. So how could this be more secure? So wouldn't a hacker now have
both the first user pass and the su - ?

-----Original Message-----
From: Graham, Randy (RAW) [mailto:grahamrw () y12 doe gov]
Sent: Monday, October 14, 2002 3:21 PM
To: Chris Berry; security-basics () securityfocus com
Subject: RE: Is SSH worth it??


You ssh as a normal user and then use 'su -' to switch over to root.
Without that, you have no way of knowing who connected to a server as root.
By forcing connections as normal users and using su, you can have some
auditing (to prevent the "I didn't do it" syndrome).

Randy Graham
-- 
When in danger\or in doubt\run in circles\scream and shout! 

> -----Original Message-----
> From: Chris Berry [mailto:compjma () hotmail com]
> Sent: Thursday, October 10, 2002 12:53 PM
> To: security-basics () securityfocus com
> Subject: Re: Is SSH worth it??
>
>
> > From: Johan De Meersman <johan () ops skynet be>
> > I don't think it's ever a good idea to allow root ssh to any machine
>
> Why not?  Also, how are you going to remote administer it 
> without some sort 
> of control SSH, VNC, etc?
>
> Chris Berry
> compjma () hotmail com
> Systems Administrator
> JM Associates
>
> "I have found the way, and the way is Perl."
>
>
> _________________________________________________________________
> Send and receive Hotmail on your mobile device: http://mobile.msn.com