Re: Putty for SSH access



On 2010-07-16, Aragorn <aragorn@xxxxxxxxxxxxxxxxxxx> wrote:
But here I will disagree, in the sense that "sudo" is generally set up
to require only the user's own password, albeit that this can be
changed.

"su" is therefore a safer approach in most set-ups because it still
requires knowledge of the root password. That's three things an
attacker has to guess: the account's login, the account's password and
the root password.

As always, what is a "safer" approach depends wildly on the particular
situation. Both su and sudo will log logins, but only sudo will log
actual commands executed (unless you do sudo su or similar which gets
you a root shell).

--keith

--
kkeller-usenet@xxxxxxxxxxxxxxxxxxxxxxxxxx
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information

.



Relevant Pages

  • Re: Dumb question of the week.
    ... me a blood-red prompt. ... I think that 'root' commands must work without surprises like aliases ... My su and sudo work as defined in the man pages, ... which asks for the root password and then, ...
    (alt.os.linux.suse)
  • Re: [OT] You are being tracked
    ... There's no need to type the root password: use sudo. ... passwordless access, which could be a local security concern, and tells ... a keystroke logger on your box is bad news anyway, ...
    (comp.os.linux.misc)
  • Re: [OT] You are being tracked
    ... There's no need to type the root password: use sudo. ... a keystroke logger on your box is bad news anyway, ... least half the country blames the Democrats for this. ...
    (comp.os.linux.misc)
  • Re: [Off Topic] Re: Linux security
    ... enabled a root password, ... As was pointed out before users don't care ... Much like OSX. ... With much the same mechanism (OSX also uses a sudo ...
    (Ubuntu)
  • Re: Linux, fast
    ... So you sudo $EDITOR /etc/network/interfaces. ... Personally, I set a root password not long after installing Ubuntu, but I ... `Nam et Hannibalis apud Romanos iam ante Sangunti excidium celeberrimum ...
    (uk.comp.os.linux)