Jesse Schultz on Wed, 3 Jul 2002 08:59:33 -0400


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] log as root or not ?

gabriel rosenkoetter wrote: 
On Tue, Jul 02, 2002 at 10:39:38PM -0400, Jesse Schultz wrote:

On the other hand, having been an admin on Linux, Unix, NT and Novell systems for the last decade, I can tell you that the changed prompts and colored lights arent always there depending on the client, server, OS or NOS you are using and who configured it. 


Swell. I've been doing this at least half as long as you, and my
system Works for Me. Note that I'm not suggesting anyone else
should do things My Way, just that it is safe for them to do so.
(You, and several others, seem to be suggesting that everyone should
do things Your Way. I don't think that's either Necessary or Right.)


No No No.  You must do it my way :-)
Seriously, whatever works for you.  It's not a rule, but rather a principle.



ANY book or guide on Administration for any operating system you care to read including linux will reccomend using root sparingly and not logging in as root but rather changing to root for special tasks if that is possible. 


Again, "Use root sparingly," in NO way implies "do not log in as
root". The two are wholly separate constructs and there is no
logical reason to connect them.

My logic, that using su when administering remotely is more likely
to leak your root password to a passive eavesdropper (call her Eve)
or an active attacker (call him Mallory) in the network between you
and the host being administered, in fact does imply that using PKI
authentication to log in as root when you are ready to do root
things is safer. If your login crosses any edge or (heaven forfend)
core router which you do not control, you MUST be concerned about
Eve and Mallory.

Absolutly, a good PKI is far superior and makes mitm less likely (not impossible, but very difficult/unlikely). I also like the idea of different certificates. This is very much like Single Sign On systems I have worked with where everyone has there own certificate which grants them various levels of access.

I am actually looking to implement a certificate based system for SSH POP3 and possibly a VPN system. All would use the same certificate. Only myself and the owner of the company (An RF engineer so pretty technical) would have root access.

Since we all know each other pretty well I am thinking of being our own little CA. So I'm doing a little research here and what you are saying sounds interesting.


I choose to leave the xterm in which I've connected as root up and
not do much with it except when I need to because I've got a lot of
(virtual) screen real estate. What you might choose to do is just
ssh root@localhost (presuming you're allowing agent forwarding to
the host in question) when you need root access. Doing so is
definitely more safe than using su(1). (Note that if, at any point,
you enter a shared secret over the wire, you've screwed up. Make
sure you understand how SSH agent forwarding works, and why you
shouldn't just use it blindly with every host out there.)


Have to research this a little to see if it will fit my situation.  Thanks.





______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug