[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: remote login to root

To: members@xxxxxxxxxxxxxxxxxx
Subject: Re: remote login to root
From: Wesley Leonard <marshall@xxxxxxxxxxxx>
Date: Tue, 09 May 2000 21:48:26 -0400
Delivery-Date: Tue May 9 21:49:23 2000
Organization: PacDemon
References: <200005091543.e49FhNI50575@mail2.mx.voyager.net><391889CE.97D20C63@worldnet.att.net> <3918E559.30C34516@home.com>
Reply-To: members@xxxxxxxxxxxxxxxxxx
Resent-Date: Tue, 9 May 2000 21:48:41 -0400
Resent-From: members@xxxxxxxxxxxxxxxxxx
Resent-Message-ID: <SppchD.A.2yE.5_LG5@klug.armintl.com>
Resent-Sender: members-request@xxxxxxxxxxxxxxxxxx
Sender: marshall@xxxxxxxxx

Bill Katsma wrote:
> 
> If you force users to log in as a user (or hopefully themselves) then it
> will be logged who su'd to root.  Other wise if a user gets the root
> password he could just remotely log in and all the log's would show is
> what computer.
> 

True!  Also, if you use a secure login method (like ssh) it makes it
harder to get a regular user's passwd.  If a cracker can't get a regular
user's passwd to get in, who cares if he has the root passwd?

Does anybody remember the crackppc linux contest?  The admin of the
machine actually gave out the root passwd.  I think it eventually got
cracked by an apache or sendmail exploit or something...

-- 

Wesley Leonard
marshall@pacdemon.org

http://www.pacdemon.org
"...I want Linux to be on the cutting edge, and even a bit past the
edge, because what's past the edge today is what's on your desktop
tomorrow."
	--Linus Torvalds

References:
- Re: remote login to root
  - From: Jamie McCarthy
- Re: remote login to root
  - From: Bruce Damkoehler
- Re: remote login to root
  - From: Bill Katsma

Prev by Date: Re: remote login to root
Next by Date: Re: remote login to root
Prev by thread: Re: remote login to root
Next by thread: Re: remote login to root
Index(es):
- Date
- Thread