Re: Re[2]: [cobalt-users] URGENT: Cannot su - while being admin
- Subject: Re: Re[2]: [cobalt-users] URGENT: Cannot su - while being admin
- From: Jay Summers <jay@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue Jan 8 19:16:17 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>> I don't think you can fix this without booting and logging in physically,
>> fin> unless you did something evil like letting root ssh ;P
> I know perfectly well the differences between telnet and ssh and I am only
> using the latter one but what I don't get is why people usually tell you (and
> this is what I am doing) to telnet/ssh to a box using someuser and then su to
> root instead of directly doing a telnet/ssh using root. In my understanding
> (which is probably where I am wrong) in the first case you expose to the world
> the login/pwd of both someuser and root and in the second case just the one
> from root. I am thinking this because when you su to root, you type the root
> password in your telnet/ssh console and it gets sent to the remote computer
> through telnet/ssh, same as if you were directly doing it to login. (and I
> think the question is valid of course for telnet but also for ssh).
I think if you allow root logins there is only one password to crack, e.g.
SSH -> User -> su -
SSH -> Root
> And to link this with gsh's answer, is there a way to forbid root to
> telnet/ssh ? (besides writing it in the law/constitution...)
It should be in your /etc/sshd_config
PermitRootLogin no
HTH,
j
--
http://www.bizmanuals.com
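
Added example, not part of the original post: a check that the `PermitRootLogin no` line suggested above is the one sshd will actually use, since sshd takes the first occurrence of a keyword and ignores `#` lines. The function names and the sample file are hypothetical and constructed for illustration; only the global section (before any `Match` block) is examined.

```shell
#!/bin/sh
# Added example. Function names and the sample file are hypothetical.

# Print the PermitRootLogin value from the global section of an sshd config.
# sshd uses the FIRST occurrence of a keyword, keywords are case-insensitive,
# and lines starting with '#' are comments. Parsing stops at the first Match
# block because settings there apply only conditionally.
effective_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)          # end of the keyword
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)    # tolerate an optional "="
            split(val, parts, /[ \t]+/)
            if (key == "match") exit
            if (key == "permitrootlogin") { print parts[1]; found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only when the first global PermitRootLogin line says "no".
root_login_forbidden() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample: a later "no" does not override the earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
EOF
echo "effective PermitRootLogin: $(effective_root_login "$sample")"
if root_login_forbidden "$sample"; then
    echo "root SSH login is forbidden"
else
    echo "root SSH login is NOT forbidden"
fi
rm -f "$sample"
```

A result of `unset` means no global line was found and the compiled-in default applies, which differs between OpenSSH versions.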