On Wed, 9 Jan 2002, Douglas Trainor wrote:
You might browse this paper:
"Timing Analysis of Keystrokes and Timing Attacks on SSH" by Dawn Xiaodong Song, David Wagner, and Xuqing Tian. 10th USENIX Security Symposium, 2001. They're from UCB and they're smart.
This would be an argument against logging in as a normal user and then su to root, wouldn't it? As I remember from a talk I heard lately, it is rather easy to identify when a password is typed after you logged in. That's where you can use timing analysis. The password you type into ssh before you log in is sent in one batch in the login procedure.
If I su to root after logging in via ssh then I am still transmitting my root password (although it is encrypted). From a security standpoint, what's the difference in exposure?
The argument against allowing direct login to root is guessing attacks on the password. The attacker can try all sorts of passwords, and if he gets it right he's root. If root's not allowed to log in directly, the attacker has to know a username first, and if he breaks the password by guessing then he's only a user (at first). On the other hand there are the timing attacks mentioned above (which I consider rather low risk). If you use any sort of key authentication, no password will ever be sent, but you really have to guard your keys.

Cheers
Robert

--
Robert Casties --------------------- http://philoscience.unibe.ch/~casties
History & Philosophy of Science
Tel: +41/31/631-8505 Room: 216
Institute for Exact Sciences
Sidlerstrasse 5, CH-3012 Bern
Uni Bern
(PGP key on homepage: 3C7E CAA6 0A2A 6955 AA25)
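The trade-off in the message above can be checked against a server's configuration. This is an added example, not part of the original thread: it reads sshd_config text and reports which of the three cases applies (a correct guess is root at once, a correct guess is only a user, or no login password is sent). The sample config, the label names and the assumed defaults (those of current OpenSSH) are constructed for illustration.

```python
# Added example (not from the thread): classify an sshd_config by the
# login exposure discussed above. Checks only these two keywords.
# Assumed defaults are those of current OpenSSH.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

# Constructed sample input, not taken from any real host.
SAMPLE_CONFIG = """\
# sshd_config (constructed)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
permitrootlogin no
Match User backup
    PasswordAuthentication no
"""


def effective_global(config_text):
    """Global settings: keywords are case-insensitive, first value wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # lines after Match are conditional, not global
        if len(parts) == 2:
            seen.setdefault(keyword, parts[1].strip().strip('"'))
    return {**DEFAULTS, **seen}


def audit(config_text):
    """Return one label describing what a correct password guess yields."""
    cfg = effective_global(config_text)
    root = cfg["permitrootlogin"].lower()
    if cfg["passwordauthentication"].lower() != "yes":
        return "KEYS_ONLY"            # no login password sent; guard the keys
    if root == "yes":
        return "ROOT_PASSWORD_LOGIN"  # a right guess is root immediately
    return "USER_PASSWORD_LOGIN"      # needs a username, lands as a user


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The later `permitrootlogin no` in the sample has no effect because sshd keeps the first value it reads for a keyword, which is why the sample is still reported as allowing root password login.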