Re: Enabling telnet, ftp, pop3 for root...



Ertugrul Soeylemez wrote:

> Now really, why is that more secure than logging into the root account
> directly?

If you allow logging in directly as root, root can be hacked by someone
entering "root" as a user name. Since root is a well known name, part of
the process of hacking the system is already done. All that is needed is to
guess the root password. If you disallow direct root login, then the
hacker must guess a valid user AND the correct password for that user
before they can even get into the system. They must then figure out how to
get to root. Which is more secure? DISALLOWING DIRECT ROOT LOGIN.

Also, if there is more than one admin, the su will log who used root on the
system and when. If you allow direct root login, then there is no telling
which of the admins was on the system when problems started...

> That's a common and very unreasonable misconception.

As you can see, it is not even a misconception, much less a "very
unreasonable one". It is clear you are laboring under some misguided
concepts.

> Your statement holds for non-secure protocols (i.e. Telnet),

And for people logging directly into consoles as well.

> but there you
> shouldn't even login as a normal user.

Well, I guess if you babble long enough, you'll get something right just by
random chance.

--
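
The point in the post above about su recording which admin became root, as an added example that is not part of the original post: a Python sketch that separates root sessions attributable to a named admin from direct root logins, which carry no such name. The log lines are constructed samples in pam_unix style, and the function name and report keys are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of a Linux auth log (pam_unix).
SAMPLE_LOG = """\
Mar 13 09:12:01 host1 su[2101]: pam_unix(su:session): session opened for user root by alice(uid=1000)
Mar 13 09:40:17 host1 su[2188]: pam_unix(su:auth): authentication failure; logname=bob uid=1001 euid=0 tty=/dev/pts/1 ruser=bob rhost= user=root
Mar 13 10:02:44 host1 login[2230]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Mar 13 10:15:09 host1 su[2301]: pam_unix(su:session): session opened for user root by bob(uid=1001)
"""

TS = r"(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ "
SU_OPEN = re.compile(TS + r"su(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): "
                     r"session opened for user root by (?P<who>[\w.-]+)\(uid=\d+\)")
SU_FAIL = re.compile(TS + r"su(?:\[\d+\])?: pam_unix\(su(?:-l)?:auth\): "
                     r"authentication failure;.*\bruser=(?P<who>\S+).*\suser=root\b")
DIRECT = re.compile(TS + r"(?P<svc>login|sshd)(?:\[\d+\])?: "
                    r"pam_unix\((?:login|sshd):session\): session opened for user root\b")

def attribute_root_use(log_text):
    """Split root sessions into those tied to an admin account and those that are not."""
    report = {"su_by_admin": defaultdict(list), "failed_su": [], "unattributed_root": []}
    for line in log_text.splitlines():
        if m := SU_OPEN.match(line):
            # su names the invoking account, so the root session has an owner.
            report["su_by_admin"][m["who"]].append(m["ts"])
        elif m := SU_FAIL.match(line):
            report["failed_su"].append((m["ts"], m["who"]))
        elif m := DIRECT.match(line):
            # A direct root login records only the service, not which admin it was.
            report["unattributed_root"].append((m["ts"], m["svc"]))
    return report

if __name__ == "__main__":
    result = attribute_root_use(SAMPLE_LOG)
    for admin, times in result["su_by_admin"].items():
        print(f"root via su by {admin}: {times}")
    print("failed su attempts:", result["failed_su"])
    print("root sessions with no admin name:", result["unattributed_root"])
```
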