
Re[4]: [cobalt-users] URGENT: Cannot su - while being admin



Hello List,

Tuesday, January 08, 2002, 6:34:49 PM, you wrote:

>>> I don't think you can fix this without booting and logging in physically,
>>> fin> unless you did something evil like letting root ssh  ;P

>> I know perfectly well the differences between telnet and ssh and I am only
>> using the latter one but what I don't get is why people usually tell you (and
>> this is what I am doing) to telnet/ssh to a box using someuser and then su to
>> root instead of directly doing a telnet/ssh using root. In my understanding
>> (which is probably where I am wrong) in the first case you expose to the world
>> the login/pwd of both someuser and root and in the second case just the one
>> from root. I am thinking this because when you su to root, you type the root
>> password in your telnet/ssh console and it gets sent to the remote computer
>> through telnet/ssh, same as if you were directly doing it to login. (and I
>> think the question is valid of course for telnet but also for ssh).

JS> I think if you allow root logins there is only one password to crack. eg.

JS> SSH -> User -> su -

JS> SSH -> Root

Yes I figured that out but in fact, I'm afraid that it might be the
opposite: usually, the more examples of login/pwd-couples you have, the
easier it is to crack the algorithm (if you are not using brute force
and computer power, because yes, in that case, 2 login/pwd are more
difficult to crack).

>> And to link this with gsh's answer, is there a way to forbid root to
>> telnet/ssh ? (besides writing it in the law/constitution...)

JS> It should be in your /etc/sshd_config

JS> PermitRootLogin no

JS> HTH,
JS> j

Thanks to you and all the others who did answer, I learned some today
:-)

-- 
Regards,
 Pierre                          
 pierre@xxxxxxxxxxx
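
Added example, not part of the original message: a small check that reads an sshd_config and reports where root login is not set to "no". It relies on sshd keeping the first value it reads for a keyword and on Match blocks overriding the global section; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample, not taken from the thread.
SAMPLE = """\
# constructed sshd_config
Port 22
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin=yes
"""

def permit_root_login(text):
    """Return (global_value_or_None, [(match_criteria, value), ...])."""
    global_value, overrides = None, []
    match, seen = None, False   # current Match block, value already seen in it
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are split by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            match, seen = arg, False
        elif keyword == "permitrootlogin":
            if match is None and global_value is None:
                global_value = arg.lower()    # first value wins, later ones ignored
            elif match is not None and not seen:
                overrides.append((match, arg.lower()))
                seen = True
    return global_value, overrides

def root_login_findings(text):
    """List the places where the config does not say 'PermitRootLogin no'."""
    global_value, overrides = permit_root_login(text)
    findings = []
    if global_value is None:
        # The compiled-in default differs between OpenSSH versions.
        findings.append("global: not set, compiled-in default applies")
    elif global_value != "no":
        findings.append(f"global: {global_value}")
    findings += [f"Match {m}: {v}" for m, v in overrides if v != "no"]
    return findings

if __name__ == "__main__":
    print(permit_root_login(SAMPLE))
    print(root_login_findings(SAMPLE))
```

Pass it the contents of the config file the daemon actually reads; on a running system, `sshd -T` prints the effective settings and is the authoritative check.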