On Sun, 16 Sep 2001, Alexander Skwar wrote:
> Uhm, and why is it more secure for someone to telnet into a machine and
> then su to root?
1 Telnet is insecure use ssh. DONT USE TELNET. (For windows there is nice
ssh prog called pytty)
2 It is possible to use brute force attach to find root password.
3 It is more auditable. So you can see who used su.
4 Hmm bug in SSH. Ex http://www.ssh.com/products/ssh/exploit.cfm
5 User can save root's password on SSH client.
http://archives.neohapsis.com/archives/sf/sun/2000-q3/0043.html
6 Why do you think inetd restricts root from remote ftp, telnet, and other
inetd-started services?
--
6:53pm up 23 days, 7:57, 3 users, load average: 0.00, 0.07, 0.08
__
| / \ | Iouri Goussev // \\
\_\\ //_/ [EMAIL PROTECTED] _\\()//_
.'/()\'. Foo-Bar / // \\ \
jgs \\ // http://foobar.irc-unix.net | \__/ |
I am not 31337. But I can use the Vi editor... ;-0
