On Sun, May 27, 2001 at 12:39:54PM +0200, Timo Blazko Boewing wrote: > A silly theoretical question: in a ssh thread above, one got the answer *not* > to enable root user access to a station, it would be better to use a limited > user account and then gain access via su or that. > What is the difference between that. Don't I have full admin rights with su? > Or if I have, what is the difference? Is it cos a direct root login allows to > exploit the sys due to some scripts that get autom. exec'd? > I just want to know....cos thus I know why I do things that way :-)
Two reasons come to mind: 1) In order to gain remote root access, an attacker must first compromise a user account to log in with. Simply obtaining the root password is not sufficient. 2) It is possible (though not likely) that there may be a little-known technique for sniffing the data sent while establishing an ssh connection. If such a technique were to exist, disabling root logins would ensure that an attacker using it would only get a user password while the root password would remain secure. -- That's not gibberish... It's Linux. - Byers, The Lone Gunmen Geek Code 3.12: GCS d? s+: a C++ UL++++$ P++>+++ L+++>++++ E- W--(++) N+ o+ !K w--- O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv+ b+ DI++++ D G e* h r y+
