From: Damien Miller (djm mindrot.org)
Date: Thu Feb 01 2001 - 19:11:29 CST

On Thu, 1 Feb 2001, James Ponder wrote:
> I'd like to know from some security experts the best way to login to
> a remote unix machine as root?
>
> It seems to me that logging in via ssh and su'ing or sudo'ing results
> in giving away the password to a possibly trojan program, as the machine
> might be compromised.
>
> Using ssh to login directly as root seems to avoid any possibility of
> trojans but lacks accountability, and is usually the argument against
> allowing root logins in sshd.
>
> I've wondered this before, but recently because of the bind problem - how
> many people logged into a unix machine to upgrade bind and used su to
> become root... Would it be unreasonable to say that most people operate
> with a single root password?
>
> There must be 'common practice' for this?
Use SSH2 protocol and public key authentication. It does not use passwords
and is safe against man-in-the-middle attacks.
-d

--
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <djmmindrot.org>
| works of Shakespeare. Now, thanks to the Internet,  /
| we know this is not true.'' - Robert Wilensky UCB  / http://www.mindrot.org
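
One way to check that a server follows the advice in the reply above, as an added example that is not part of the original thread: a small audit of sshd_config text for key-only root login. The sample configs are constructed, the defaults are assumed to be those of recent OpenSSH releases (which speak only protocol 2), and Match blocks are not evaluated.

```python
# Added example: audit sshd_config text for key-only root login.
# Assumed defaults (recent OpenSSH) for keywords missing from the file.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# ChallengeResponseAuthentication is the older name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
KEY_ONLY_ROOT = {"prohibit-password", "without-password", "forced-commands-only"}

def effective_settings(text):
    """Global keyword values; sshd keeps the first value it reads for a keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1) or [""]
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # conditional Match blocks are not evaluated here
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().lower())
    return {**DEFAULTS, **seen}

def audit(text):
    """Return a list of findings; an empty list means no password path remains."""
    s = effective_settings(text)
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off")
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes does not restrict root to keys")
    elif s["permitrootlogin"] not in KEY_ONLY_ROOT:
        findings.append("direct root login is off; root access goes through su/sudo")
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if s[key] == "yes":
            findings.append(key + " is on; password-style logins may be accepted")
    return findings

# Constructed sample configs. WEAK shows first-value-wins: the later
# "prohibit-password" line has no effect.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\nPermitRootLogin prohibit-password\n"
HARDENED = "PermitRootLogin prohibit-password\nPasswordAuthentication no\nChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "ok")
```

The "direct root login is off" finding corresponds to the su/sudo path the original question is concerned about.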