Re: Putty for SSH access



On 2010-07-16, Aragorn <aragorn@xxxxxxxxxxxxxxxxxxx> wrote:
But here I will disagree, in the sense that "sudo" is generally set up
to require only the user's own password, albeit that this can be
changed.

"su" is therefore a safer approach in most set-ups because it still
requires knowledge of the root password. That's three things an
attacker has to guess: the account's login, the account's password and
the root password.

As always, what is a "safer" approach depends wildly on the particular
situation. Both su and sudo will log logins, but only sudo will log
actual commands executed (unless you do sudo su or similar which gets
you a root shell).

--keith

--
kkeller-usenet@xxxxxxxxxxxxxxxxxxxxxxxxxx
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information

.