On Saturday 04 January 2003 10:07 am, Robert Sweet wrote:
On Wed, Jan 01, 2003 at 11:27:29AM +0100, Erik Jakobsen beat on the keyboard:
As root, I can access another machine here with ssh, but I cannot do an ftp connect.
[snip example]
Bad habit. SSH is ill configured to allow root login.
err, no(*) -- the first S stands for SECURE. A "bad habit" would be to login via TELNET "as root" as the entire transmission, including passwords, is "in the clear" [likewise with ftp]. Many distros now will disable using "root" for communications like this [anything that involves a plaintext password] for just this reason. ssh works by establishing a connection to the host, deciding on a "key" for encryption/decryption, and encodes everything from the get-go. It is therefore "safe" to use a "root" logon from machine to machine. In addition to ssh itself, there is the program "scp", which allows for "securely" copying files from one machine to the next -- admittedly, not as convenient as an FTP 'session' where you can navigate around the remote system and copy-at-will, but functionally just as effective [more so -- you might be a "plain user" here, but could copy a file to a location that "only root can write" remotely -- presuming, of course, you are indeed the root user of the remote site]
You should get used to using a user login and su for root privileges when needed.
That can lead to "false [sense of] security" -- if you use telnet for your "non-root-user-access", you gain nothing -- when "su" [or sux] prompts for a password, that password again goes "in the clear" -- you might as well have used a "root" logon from the start.

Tom

(*) what exactly, though, do you mean by "ill configured"? Are you concerned that the [remote] ssh server might somehow be "trojaned", so that logging on "as root" on the remote site might cause difficulties at the remote site?
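
To see how a given server is actually set up on the root-login question argued in this thread, the following added example (not part of the original messages) reads sshd_config text and reports the effective `PermitRootLogin` value per section. The function names and the sample configuration are constructed for illustration, `Include` files are not followed, and the `default` parameter is an assumption that depends on the OpenSSH release and distribution build.

```python
import re

# keyword, optional "=", then the argument text (sshd_config allows both forms)
LINE = re.compile(r"(\w+)\s*=?\s*(.*)")

def root_login_settings(config_text, default="prohibit-password"):
    """Map each section ("global" or "Match ...") to its PermitRootLogin value.

    `default` is an assumption: it is the built-in value of current OpenSSH,
    older releases and some distribution builds differ.
    """
    sections = {}
    section = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not line or line.startswith("#") or not m:
            continue
        keyword, rest = m.group(1).lower(), m.group(2)
        if keyword == "match":
            section = "Match " + rest          # applies until the next Match
        elif keyword == "permitrootlogin" and rest:
            value = rest.split()[0].strip('"').lower()
            sections.setdefault(section, value)  # sshd keeps the first value
    sections.setdefault("global", default)
    return sections

def password_root_sections(config_text, default="prohibit-password"):
    """Sections in which root can still authenticate with a password."""
    settings = root_login_settings(config_text, default)
    return [name for name, value in settings.items() if value == "yes"]

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
# sshd_config (constructed)
Port 22
PermitRootLogin no
permitrootlogin yes        # duplicate: ignored, the first value wins
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
Match Address 192.0.2.10
    PermitRootLogin = yes
"""

if __name__ == "__main__":
    for name, value in root_login_settings(SAMPLE).items():
        print(f"{name}: PermitRootLogin {value}")
    print("password root login:", password_root_sections(SAMPLE))
```

On a live host, `sshd -T` prints the configuration the daemon actually resolved and is the authoritative check.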