One user, two passwords?
Thilo Six
T.Six at gmx.de
Wed Sep 6 18:47:48 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Scott Kitterman wrote the following on 06.09.2006 17:46:
<snip>
> With the standard Ubuntu server setup and SSH added in a dictionary
> attacker needs to guess one password. With a root account and no root
> login set for SSH, then it's two.
<snip>
IMHO it´s just the other way round. When you use su, root is a well
known useraccount for attacks with a password-cruncher from outside.
When using sudo, the password grabber has also to grab the right
username according to this password to login.
Only the right combination of both will let him in, and since on every
ubuntu box the sudo (admin) user has an other username this is
additional security.
> Scott K
bye Thilo
- --
i am on Ubuntu 2.6 KDE
- - some friend of mine
gpg key: Ox4A411E09
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE/xfTgkdHiUpBHgkRAzKNAJkBL+HBuRGImMV3KfXwDyMUpM4BjQCfYEA5
C23eWokUNPObQKQibuui1ps=
=oayl
-----END PGP SIGNATURE-----
More information about the kubuntu-users
mailing list