Re: SSH hacked?



On Thu, Jan 15, 2009 at 08:21:48AM -0500, Mark Haney wrote:
Res wrote:


I fail to see how that's incorrect, then? I occasionally see attempts
to break in with root, but not that often. That wasn't really my point.
The point is that not allowing ANY privileged account login access via
any method effectively makes breaking in with them impossible. This is

Breaking in with them perhaps, but what if they get in under a user, a
user that happens to be auth'd to su/sudo/whatever, never be complacent
about possible threats.

Of course, I do not dispute that. I'm talking about limiting the number
of possible attack vectors. Hacking root gives a hacker full rights.
Exploiting a user account still means the hacker has find a way to get
root privileges. Granted if that user has sudo rights, that's just as
bad, but not every user account has that right, so it's not a guarantee.

It's one of the reasons I don't use sudo (no one has any sudo
privileges) on my system. I also have ssh root access disabled.

So, to get root access, an attacker using ssh has to first guess my
(or another user) password and then guess the root password.

(In addition ssh is only allowed from a few IP addresses but that's
irrelevant to my comment above)

--
Chris Green

--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users