Subject: Re: sshd Change: PermitRootLogin = no
To: Curt Sampson <>
From: James Ponder <>
List: current-users
Date: 09/08/2001 14:45:52
On Fri, Sep 07, 2001 at 12:34:41PM +0900, Curt Sampson wrote:
> However, it seems to me that the other attack you posit (a trojan for su)
> is still open: just gain access to your machine and trojan ssh.

The difference is that to trojan su you need to have broken into a user
account, but to trojan ssh you need to be root already.  I was just
demonstrating that to all intents and purposes both login / su and remote
root login boil down to gaining root with the knowledge of just one password.

In my view most people don't realise that.

Best wishes, James
James Ponder;