Security Basics mailing list archives
RE: Is SSH worth it??
From: Chris Santerre <csanterre () MerchantsOverseas com>
Date: Tue, 15 Oct 2002 14:39:38 -0400
You know I always wondered about this method. su - has you input a password. So if a sysadmin is on a cable modem at home, logs in as normal user w/ ssh, then does an su - and enters password, how is that any different? You are being sniffed on the cable network. Keep in mind you can now sniff SSH packets. So how could this be more secure? So wouldn't a hacker now have both the first user pass and the su - ?

-----Original Message-----
From: Graham, Randy (RAW) [mailto:grahamrw () y12 doe gov]
Sent: Monday, October 14, 2002 3:21 PM
To: Chris Berry; security-basics () securityfocus com
Subject: RE: Is SSH worth it??

You ssh as a normal user and then use 'su -' to switch over to root. Without that, you have no way of knowing who connected to a server as root. By forcing connections as normal users and using su, you can have some auditing (to prevent the "I didn't do it" syndrome).

Randy Graham
--
When in danger\or in doubt\run in circles\scream and shout!

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com]
Sent: Thursday, October 10, 2002 12:53 PM
To: security-basics () securityfocus com
Subject: Re: Is SSH worth it??

>From: Johan De Meersman <johan () ops skynet be>
>I don't think it's ever a good idea to allow root ssh to any machine

Why not? Also, how are you going to remote administer it without some sort of control SSH, VNC, etc?

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"I have found the way, and the way is Perl."
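
The auditing point in Randy Graham's quoted message, as an added example that is not part of the original thread: it reads an authentication log and reports who obtained root, showing that a 'su -' entry names the escalating account while a direct root login leaves only a source address. The log lines are constructed and assume the common Linux sshd and pam_unix syslog format; the function name audit_root_access is hypothetical.

```python
import re

# Constructed sample lines, modelled on common Linux sshd and pam_unix syslog
# output; the host, account names and addresses are made up.
SAMPLE_LOG = """\
Oct 15 14:01:02 web1 sshd[2101]: Accepted password for alice from 192.0.2.10 port 40122 ssh2
Oct 15 14:01:30 web1 su[2110]: pam_unix(su:session): session opened for user root by alice(uid=1001)
Oct 15 14:05:11 web1 sshd[2140]: Accepted password for root from 192.0.2.77 port 40990 ssh2
Oct 15 14:07:45 web1 sshd[2150]: Accepted publickey for bob from 192.0.2.20 port 41555 ssh2
Oct 15 14:08:03 web1 su[2161]: pam_unix(su:session): session opened for user root(uid=0) by bob(uid=1002)
Oct 15 14:09:00 web1 su[2170]: pam_unix(su:session): session opened for user root by carol(uid=1003)
"""

# Successful SSH logins: timestamp, account, source address.
SSH_RE = re.compile(
    r"^(\S+ +\d+ [\d:]+) \S+ sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")
# su sessions opened for root: timestamp, account that ran su.
# Both the "su" and "su-l" PAM service names and the optional "(uid=0)" are accepted.
SU_RE = re.compile(
    r"^(\S+ +\d+ [\d:]+) \S+ su\[\d+\]: pam_unix\(su(?:-l)?:session\): "
    r"session opened for user root(?:\(uid=0\))? by (\w+)\(uid=\d+\)")


def audit_root_access(log_text):
    """Return (timestamp, kind, account, source_address) for each root access."""
    last_login = {}  # account -> source address of its most recent SSH login
    events = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            when, user, src = m.groups()
            if user == "root":
                # Direct root login: the log holds an address, not a named person.
                events.append((when, "direct-root-ssh", "root", src))
            else:
                last_login[user] = src
            continue
        m = SU_RE.match(line)
        if m:
            when, user = m.groups()
            # su to root: the entry names the account that escalated.
            # The source is None when no SSH login for that account was seen.
            events.append((when, "su-to-root", user, last_login.get(user)))
    return events


if __name__ == "__main__":
    for event in audit_root_access(SAMPLE_LOG):
        print(event)
```

An su-to-root event with no source address (carol in the sample) means the escalation came from a session this log does not account for, such as a console login, and is worth following up.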