On Sat, 8 Sep 2001, James Ponder wrote:

> The difference is that to trojan su you need to have broken into a user
> account, but to trojan ssh you need to be root already.

I don't understand why. What's the difference between the two attacks,
if someone is logging into another machine as root?

> I was just
> demonstrating that to all intents and purposes both login / su and remote
> root login boil down to gaining root with the knowledge of just one password.

No, they don't. Not at all.

With PermitRootLogin set to "yes", you get in with just the root password.

With it set to "no", you do not get in with just the root
password. Further, you do not get in with just a wheel user password,
either; further exploits are necessary. This is the whole point: FURTHER
EXPLOITS ARE NECESSARY.

That's really all security is, is making it harder to do something.
There's nothing you can propose as making things more secure where I
can't claim, "oh, but if you do X, you can get around it."

So if you claim, "oh, you can get around X by also doing Y,"  you are
stating that "X provides more security because you also need to do Y to
achieve your goal."

So I agree with your implied (but perhaps unintended) conclusion here:
this change makes the system more secure.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 3 5778 0123   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC