[Gllug] RSA or DSA
Nix
nix at esperi.org.uk
Tue May 17 22:41:31 UTC 2005
On Tue, 17 May 2005, Alain Williams announced authoritatively:
> Whatever the reason you are failing to login - you SHOULD NOT attempt to do
> what you are trying above -- login to a remote machine over the Internet as ROOT !!!
> This what would happen if your laptop/workstation got owned/compromised ? All the
> other machines would be compromised as well.
Well, to be honest, if you're sshing in, they're not likely to crack the
comms channel, and if they've trojaned your ssh or sshd or are keylogging
you, they'll catch you just as well if you su.
For unencrypted logins, I agree, and I do have the habit of
ssh-and-then-su, but the sole advantage of that now is auditing, I think
(i.e. you can see who used su).
--
`End users are just test loads for verifying that the system works, kind of
like resistors in an electrical circuit.' - Kaz Kylheku in c.o.l.d.s
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list