christophe barbé on Mon, 1 Jul 2002 04:20:08 +0200



Re: [PLUG] log as root or not ?


On Sun, Jun 30, 2002 at 09:38:26PM -0400, John Lavin wrote:
> christophe barbé said:
> > My understanding was that it was bad because the root password goes
> > through the network in clear and then it was better to log as a normal
> > user and then su to root.
> Your password still goes in the clear.

The password of the normal user. Note that I said the above only to
explain what I believe to be the reason behind the advice "don't log
remotely as root".

> > It seems no more a good reason with openssh and other secure links to
> > avoid to log as root.
> Not sure if you're saying ssh is a bad or good thing here.  I think it a

Of course I say that ssh is good. I guess everybody is already persuaded
that telnet and rlogin are not safe. 

> good thing.  I don't log in su as root remotely in the clear.

I don't understand your last sentence. Do you mean that you don't log in
as root without encryption?

> > My point of view is: I used to log on a remote machine as a normal user
> > and as root, depending on what I want to do. I never use the password
> > for these two accounts and use ssh authorized keys instead. Then I don't
> > remember the passwords (and would prefer not to have to) so su from the
> > normal user to root seems inconvenient.
> 
> The only issue with adding authorized keys for root is that if someone
> gains root on your local machine, they have it on the remote one as
> well.  Even if it is inconvenient, it is safer to su after a ssh login
> as yourself IMHO.

You can use a passphrase to encode your private keys and use
ssh-agent to be safe and convenient at the same time.

My question is: is there a good reason to avoid logging in as root
directly when using a secured channel?

Christophe

> 
> -john
> --
> John Lavin
> jlavin@ccil.org
> Public Key: http://mercury.ccil.org/~jlavin/lavin-public-key.gpg
> ______________________________________________________________________
> "Petty fears and petty pleasures are but a shadow of the reality."
>     - H.D. Thoreau



-- 
Christophe Barbé <christophe.barbe@ufies.org>
GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8  F67A 8F45 2F1E D72C B41E

Experience is one screw-up a day, but never the same one.

Attachment: pgpYzciDyjRhv.pgp
Description: PGP signature