Security of using sudo rather than su?
Derek Broughton
news at pointerstop.ca
Thu Sep 14 13:03:21 UTC 2006
Adam Funk wrote:
> I've read the official explanation of the locked root account [1] and
> it still seems to me that this system can reduce security (in
> comparison with the traditional approach) because an attacker
> (especially a remote attacker) can gain root privileges by cracking
> one password (the main user's) rather than two (since normally root
> isn't allowed to log in over ssh).
>
> Why is this view wrong?
Normally _nobody_ is allowed to log in over ssh. If you configure ssh, use
public/private key pairs, then you don't have a password issue at all.
Then you can use sudo to limit (and log) what _anybody_ can access, so you
don't need to let anyone who can use ssh have complete access to your
system.
--
derek
More information about the ubuntu-users
mailing list