One user, two passwords?

Thilo Six T.Six at
Wed Sep 6 19:40:41 UTC 2006

Hash: RIPEMD160

Thilo Six wrote the following on 06.09.2006 20:47:
> Scott Kitterman wrote the following on 06.09.2006 17:46:
> <snip>
>>> With the standard Ubuntu server setup and SSH added in a dictionary 
>>> attacker needs to guess one password.  With a root account and no root 
>>> login set for SSH, then it's two.
> <snip>
> IMHO it´s just the other way round. When you use su, root is a well
> known useraccount for attacks with a password-cruncher from outside.
> When using sudo, the password grabber has also to grab the right
> username according to this password to login.
> Only the right combination of both will let him in, and since on every
> ubuntu box the sudo (admin) user has an other username this is
> additional security.
>>> Scott K
> bye Thilo

partly i have to correct myself, since no one will ever let allow root
logins directly via ssh.
But then you can also have a second account+password for admin tasks
with sudo, too.
At last sudo is not less secure the su and personally i like it more.

bye Thilo
- --
i am on Ubuntu 2.6 KDE
- - some friend of mine

gpg key: Ox4A411E09

Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the kubuntu-users mailing list