Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] remote admin: ssh vs. webmin
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Thu, 10 Jan 2002 12:32:19 +0100 (MET)
  • Message-id: <Pine.LNX.4.43.0201101228060.13465-100000@xxxxxxxxxxxx>
Hi Bob,

>
> My preferred setup is to restrict access to /bin/su (using chgrp and
> chmod) so that only administrators can use it. That way a cracker needs to
> discover *two* passwords to become superuser. So there is some benefit in
> banning root logins via ssh.
>
> Bob

Since we are talking paranoia... :-)

I keep it this way: The more often I have to type a password, the more
likely it is that it gets sniffed. I use ssh all over the place for just
about everything, and sniffing the ordinary way wouldn't work. But what
about X-clients that sniff the X-server (X -nolisten tcp) or similar?
Therefore I never type a password except for the screensaver, I usually
don't log on as root if I don't have to. Using a password to become root
remotely though is not an option.

Roman.


< Previous Next >
References