Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] remote admin: su vs login as root
  • From: Robert Casties <robert.casties@xxxxxxxxxxxxxx>
  • Date: Fri, 11 Jan 2002 10:25:50 +0100 (CET)
  • Message-id: <Pine.LNX.4.33.0201111011070.3237-100000@xxxxxxxxxxxxx>
On Wed, 9 Jan 2002, Douglas Trainor wrote:

> You might browse this paper:
>
> "Timing Analysis of Keystrokes and Timing Attacks on SSH"
> by Dawn Xiaodong Song, David Wagner, and Xuqing Tian.
> 10th USENIX Security Symposium, 2001. They're from UCB
> and they're smart.

This would be an argument against logging in as a normal user and then su
to root wouldn't it? As I remember from a talk I heard lately it is rather
easy to identify when a password is typed after you logged in. That's
where you can use timing analysis. The password you type into ssh before
you log in is sent in one batch in the login procedure.

> > If I su to root after logging in via ssh then I am still transmitting my
> > root password (although it is encrypted). From a security standpoint,
> > what's the difference in exposure?

The argument against allowing direct login to root are guessing attacks to
the password. The attacker can try all sorts of passwords and if he gets
it right he's root.

If root's not allowed to login directly the attacker has to know any
username first and if he breaks the password by guessing then he's only
user (at first). On the other hand there are the timing attacks mentioned
above (which I consider rather low risk).

If you use any sort of key authentication no password will be sent ever
but you really have to guard your keys.

Cheers
Robert

--
Robert Casties --------------------- http://philoscience.unibe.ch/~casties
History & Philosophy of Science Tel: +41/31/631-8505 Room: 216
Institute for Exact Sciences Sidlerstrasse 5, CH-3012 Bern
Uni Bern (PGP key on homepage: 3C7E CAA6 0A2A 6955 AA25)


< Previous Next >
References