Re: Why Disable Root ssh login?



Well, if sudo is well configured, it does not give complete root access.
It should be limited to mostly inoffensive command options and require
the password for the rest. As for the logs, you are right in the case
where they are kept local, but any reasonable size network will use a
separate node with a different password as a loghost. All the failed
attempts will be sent there and recorded before any successful promotion.
Those will be much harder to erase. But you are right, I should have
mentioned it.


This makes more sense, but I am still perplexed. I was speaking about the "Ubuntu" type of sudo account: you have to give your own password to have root access, not a different one. If an offender has succeeded in logging in, he already has the normal user account password. As for the logs, if the local system is able to send some logs to another network, a user having root access is able to as well; how can the local system be "authorized" to send remote logs across the network while denying this to a user having local root access? Even if there is a password to send the logs over the network, the system must store it somewhere in order to be able to use it. A user having local root access is able to analyse /dev/mem to discover it. It may present some difficulties, but this seems like "security by obscurity", which is known to be bad. However, a more secure variant would be to authorize the system to send logs but not to clear them; in this latter case it could be more secure. Anyway, just preventing root ssh does not increase security by itself; it only does so in conjunction with several other steps.

Olive

