On Thursday 07 October 2004 15:28, Selcuk Ozturk wrote:
If the communication is encrypted, why is connecting as an unpriviledged user via ssh and then doing a su to root safer than connecting as root directly? Is the encryption of initial password or key verification less secure than data encryption. Or, is it to protect against dictionary attacks? What is to stop an intruder to run a dictionary attack to a regular user and then once successful run a second one with su? Yes, requiring two attacks might decrease chance of success. But, if this is the only reason then allowing only key based login is probably a lot safer than just disallowing root. Am I missing something here?
Other than root, how would you know the name of a user that is allowed to ssh in ? You may guess my account is named "maarten" since you saw my email, but my account could be a /bin/false one. Or it could equally possibly be any other name. Better yet, you might attack a machine you have no prior knowledge of; in that case you need to bruteforce guess not only a password but also a useraccountname. So yes, it is definitely done to prevent a dictionary attack. Additionally, su might not be available but only sudo instead, thereby adding another layer of security (and logging) purposes. Maarten -- When I answered where I wanted to go today, they just hung up -- Unknown