Security of using sudo rather than su?

Derek Broughton news at
Thu Sep 14 13:03:21 UTC 2006

Adam Funk wrote:

> I've read the official explanation of the locked root account [1] and
> it still seems to me that this system can reduce security (in
> comparison with the traditional approach) because an attacker
> (especially a remote attacker) can gain root privileges by cracking
> one password (the main user's) rather than two (since normally root
> isn't allowed to log in over ssh).
> Why is this view wrong?

Normally _nobody_ is allowed to log in over ssh.  If you configure ssh, use
public/private key pairs, then you don't have a password issue at all. 
Then you can use sudo to limit (and log) what _anybody_ can access, so you
don't need to let anyone who can use ssh have complete access to your

More information about the ubuntu-users mailing list