Wojciech Puchar <woj...@wojtek.tensor.gdynia.pl> wrote:

> > Wojciech Puchar <woj...@wojtek.tensor.gdynia.pl> wrote:
> >
> >> Even 15 seconds of thinking is enough to understand that logging
> >> to other user and then su - gives completely no extra security.
> >
> > I don't buy this, given that root's login name is well known :)
> if someone can intercept the passwords you type, then he/she will 
> intercept both user password you log in and then su password you
> type.
> He/she actually can gain more if you use su, as you may use the
> same user password somewhere else.

The whole point of ssh is to prevent this sort of thing, by
encrypting the message traffic over this insecure communication
channel.  An attacker may be able to intercept the encrypted
traffic, but it will take a skilled cryptanalyst and a lot of CPU
time -- or the attacker will have to be very lucky -- to decrypt
the message and recover the passwords while they are still valid.
(You *do* change passwords periodically, don't you?)
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to