Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
How permit ssh to root ? 1
- Thread starter haneo
- Start date
- Thread starter
- #3
- Thread starter
- #5
Thanks dbase77.
But just a another question !!!!
if ssh connection is encrypted (unlike telnet) and i must be root to sometimes important task (adding domain to bind....) and this server is too far from my desktop, why making an ssh connection is unsecure !!!!
does ssh protocole contain some bugs ?
But just a another question !!!!
if ssh connection is encrypted (unlike telnet) and i must be root to sometimes important task (adding domain to bind....) and this server is too far from my desktop, why making an ssh connection is unsecure !!!!
does ssh protocole contain some bugs ?
Hi,
Yes, sometimes. Remote and lcoal exploit.
If you are on the internet I suggest on your sshd server machine enable firewall and only allow from your desktop pc to access. And subscribe to your vendor mailing list for any security update. If your machine allow root access remotely, people can brute force it.
Why not access using nornal user then su to root.
regards,
feroz
Yes, sometimes. Remote and lcoal exploit.
If you are on the internet I suggest on your sshd server machine enable firewall and only allow from your desktop pc to access. And subscribe to your vendor mailing list for any security update. If your machine allow root access remotely, people can brute force it.
Why not access using nornal user then su to root.
regards,
feroz
redss
Programmer
- Oct 20, 2002
- 195
ssh is considered insecure only if you login directly as root, but if you login as a normal restricted user then su to root, the root password was sent encryped but the restricted password was not so ssh is much more secure as long as the root password is completely different from the restricted user password.
-
1
- #8
Hi haneo,
There is my (maybe common?) way to skin the cat:
create a regular user 'haneo', add 'haneo' to wheel group ('vi /etc/group' and change wheel root line to wheel root, haneo).
Then you can ssh to your server, login as haneo then 'su -' and get full root login with all the privileges etc. This way, an intruder will have to break into 2 password-protected logins (and I'm sure you don't use 'password' as your password, don't you?)...
Regards,
Murrik
There is my (maybe common?) way to skin the cat:
create a regular user 'haneo', add 'haneo' to wheel group ('vi /etc/group' and change wheel root line to wheel root, haneo).
Then you can ssh to your server, login as haneo then 'su -' and get full root login with all the privileges etc. This way, an intruder will have to break into 2 password-protected logins (and I'm sure you don't use 'password' as your password, don't you?)...
Regards,
Murrik
- Status
Similar threads
- Locked
- Question
- Locked
- Question