Jan Wilson wrote:
>>What's the point in doing that way? When you use ssh, the communication >>is encrypted. I don't see the advantage of ssh as a normal user first. > > > If you ssh to a root account on another machine directly, the logging > on that machine does not directly say who was acting as root. By > shelling in as a regular user, and then su'ing to root, the log will > reflect who became root, and when; also when you exited from the root > account. > > Also, if anyone is trying to break into that network, it gives an > extra layer of security because they have to know the regular username > and that password, as well as the root password. If the remote > computer allows ssh into the root account, then a cracker only has to > know one password to gain entry. > > I suspect there may be other technical security advantages but these > alone would justify the extra step, IMHO. > theoretically not, if some1 has got a fake binary for your shell as a normal user, he/she can then log you getting root. best way is to get the ssh client to execute the login command as root and go in directly. (thus bypassing the binarys that could have been compromised) JG
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
