One user, two passwords?
Thilo Six
T.Six at gmx.de
Wed Sep 6 19:40:41 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Thilo Six wrote the following on 06.09.2006 20:47:
> Scott Kitterman wrote the following on 06.09.2006 17:46:
>
> <snip>
>>> With the standard Ubuntu server setup and SSH added in a dictionary
>>> attacker needs to guess one password. With a root account and no root
>>> login set for SSH, then it's two.
> <snip>
>
> IMHO it´s just the other way round. When you use su, root is a well
> known useraccount for attacks with a password-cruncher from outside.
> When using sudo, the password grabber has also to grab the right
> username according to this password to login.
> Only the right combination of both will let him in, and since on every
> ubuntu box the sudo (admin) user has an other username this is
> additional security.
>
>>> Scott K
>
> bye Thilo
partly i have to correct myself, since no one will ever let allow root
logins directly via ssh.
But then you can also have a second account+password for admin tasks
with sudo, too.
At last sudo is not less secure the su and personally i like it more.
bye Thilo
- --
i am on Ubuntu 2.6 KDE
- - some friend of mine
gpg key: Ox4A411E09
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE/yQ4gkdHiUpBHgkRAy9nAJ9UYKMD3sVBBzKmR3ZtQIPSROZNPQCgo+EN
NIuudul9r5LDVYmKQQ2tdWI=
=IsBw
-----END PGP SIGNATURE-----
More information about the kubuntu-users
mailing list