From owner-freebsd-hackers Fri Dec 5 18:21:35 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id SAA06230 for hackers-outgoing; Fri, 5 Dec 1997 18:21:35 -0800 (PST) (envelope-from owner-freebsd-hackers) Received: from phoenix.its.rpi.edu (dec@phoenix.its.rpi.edu [128.113.161.45]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id SAA06220 for ; Fri, 5 Dec 1997 18:21:29 -0800 (PST) (envelope-from dec@phoenix.its.rpi.edu) Received: from localhost (dec@localhost) by phoenix.its.rpi.edu (8.8.8/8.8.7) with SMTP id VAA07069; Fri, 5 Dec 1997 21:21:03 -0500 (EST) (envelope-from dec@phoenix.its.rpi.edu) Date: Fri, 5 Dec 1997 21:21:03 -0500 (EST) From: "David E. Cross" To: Alex cc: John-Mark Gurney , Jaye Mathisen , Jim Bryant , ircadmin@shellnet.co.uk, freebsd-hackers@FreeBSD.ORG Subject: Re: Telnet Root access In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > On Fri, 5 Dec 1997, John-Mark Gurney wrote: > > > Jaye Mathisen scribbled this message on Dec 5: > > > > > > > > > > man su > > > > > > > > > > I'm not sure how I see su helping. If he has to telnet in as a normal > > > user, then su to root, he still has to send the root password in the > > > clear. > > > > what it prevents is brute force password attempts to directly break > > root's acount... > > Actually it doesn't really even prevent that. Su just adds more detailed > logging of the attempts, which are more likely (IMO) to draw attention. many people will just capture the fist 100 or so characters sent to a session... logging everything you enter on a connection is a waste of space, and they need to dig through tht later. IMO: sending the root password plaintext over the network at any time is a *NO*. I *only* use ssh to connect as root (even when su-ing), and only from a host I trust, and a binary I trust. I have learned the hard way not to compromise on neteork/system security. -- David Cross ACS Consultant