On Wed, 2 May 2001, Emmanuel Seyman wrote:

> On Wed, May 02, 2001 at 02:37:43AM -0400, Statux wrote:
> >
> > I thought that root logins were the reason why people recommend ssh in
> > the first place. <shrug> Is there something I don't know? :)
>
> This is just a guess but it must be easier to "steal" the password
> passed at the beginning of the session than to steal the one passed
> at the su prompt (since you don't know when the user types su).
>
> Having the crypted password allows you to find the uncrypted version
> by brute force.

Most of the sniffers that I've observed suck passwords out of the
beginning of telnet login sessions. They normally don't have the
capability to track a complete telnet TCP session and watch for su or sudo
attempts.

Going one step further, if you use RSA/DSA key authentication (which you
can force for root with the 'without-password' option), the root password
is never transmitted.

Even a crypted password can be stolen if someone is able to launch a
man-in-the-middle attack and you are not wary of the key change. With
RSA/DSA key authentication, you don't need to trust anyone (even the
ssh server) with your password. It is virtually impossible to brute force
the key itself since they only have the public part of it.

thornton
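
The 'without-password' value discussed above is a setting of sshd's PermitRootLogin keyword. As an added example (not part of the original message), the following Python classifies how an sshd_config lets root authenticate; the function name `audit_root_login` and the sample config are constructed for illustration, and it assumes OpenSSH's parsing rules as noted in the comments.

```python
# Added example: classify how sshd_config lets root authenticate.
# Assumption: OpenSSH parsing rules (case-insensitive keywords, the first
# global value wins, lines after "Match" apply only to matching connections).

# Constructed sample, not taken from any real host.
SAMPLE_CONFIG = """\
# root may log in with keys only
PermitRootLogin without-password
PasswordAuthentication yes
# a later duplicate is ignored by sshd
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

# "prohibit-password" is the newer spelling of "without-password".
MODES = {
    "yes": "password-allowed",
    "without-password": "key-only",
    "prohibit-password": "key-only",
    "forced-commands-only": "key-only",
    "no": "disabled",
}


def audit_root_login(text):
    """Return (global_mode, overrides); overrides lists Match blocks that
    set PermitRootLogin, as (match_criteria, mode) tuples."""
    global_mode, overrides, match = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            match = value
        elif keyword == "permitrootlogin":
            mode = MODES.get(value.lower(), "unknown")
            if match is not None:
                overrides.append((match, mode))
            elif global_mode is None:
                global_mode = mode
    return global_mode or "unset", overrides


if __name__ == "__main__":
    mode, overrides = audit_root_login(SAMPLE_CONFIG)
    print("global:", mode)
    for criteria, m in overrides:
        print("Match %s -> %s" % (criteria, m))
```

A Match block that reports `password-allowed` reopens root password logins for the connections it covers, even when the global setting is key-only.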


