Subject: Re: sshd Change: PermitRootLogin = no
To: Curt Sampson <firstname.lastname@example.org>
From: James Ponder <email@example.com>
Date: 09/06/2001 22:05:12
I use direct root logins. I consider this far, far safer than using the
user login / su approach.
The fundamental flaw in prefering login / su is that anyone can modify su to
record the password typed once they have gained access to that user (via
something as simply as a PATH or shell change in .profile or other
mechanisms that have been discussed).
User accounts are more likely to have services that can be compromised,
perhaps web sites, servers, mail readers, irc/talk clients, the list is
endless. People do not consider after having read an email that doing
'su' could be revealing the root password to a user who has compromised
their user account.
Imagine the situation where you have a physically secure machine (your
workstation) and you use key based remote root login to maintain your
boxes. The root password has been locked out. You log in without ever
transmitting a password using your unique personal key. This is my
situation, and whilst it may be unique, I believe I am using remote ssh
root logins safely and it is increasing the security on my box over
login / su. Of course, being no expert in such matters I'd welcome any
comments to the contrary.
I find the change from the default of allowing root logins very strange,
all I can see is more people thinking login / su is inherently safe and
root ssh logins inherently unsafe which IMHO is just not true.
On an aside note, I do think it would be nice if ssh logged key
access to syslog (it didn't the last time I looked) so that the argument
for tracking who becomes root is not valid.
Just my 2p, sorry for butting in.
Best wishes, James
James Ponder; www.squish.net