Re: Enabling telnet, ftp, pop3 for root...



Ertugrul Soeylemez wrote:

Short: The security depends on the authenticative security of the
initiating session, i.e. on the strength of the password for the
intermediate account in your case. Instead, use proper (e.g. key-based)
authentication mechanisms and log into root directly. If you still feel
more secure by logging into a normal account first, then at least use
better means of authentication than passwords for that account.


Depending on the environment -- No, I take that back -- in ANY environment, I'd rather see people using sudo.

sudo is not that hard to configure properly, and never gives up the root password. In addition, you can log what your people are doing and limit their root access to a whitelisted set of commands, so that they only have the access that they need to perform their duties.

sudo is an excellent tool that, IMHO, makes 'su' or 'su -' obsolete. You can't log anything if you just 'su -', or, 'sudo su -'. And corporate peoples like log files to read...

- Mike
.