Security of using sudo rather than su?

Derek Broughton news at pointerstop.ca
Thu Sep 14 13:03:21 UTC 2006


Adam Funk wrote:

> I've read the official explanation of the locked root account [1] and
> it still seems to me that this system can reduce security (in
> comparison with the traditional approach) because an attacker
> (especially a remote attacker) can gain root privileges by cracking
> one password (the main user's) rather than two (since normally root
> isn't allowed to log in over ssh).
> 
> Why is this view wrong?

Normally _nobody_ is allowed to log in over ssh.  If you configure ssh, use
public/private key pairs, then you don't have a password issue at all. 
Then you can use sudo to limit (and log) what _anybody_ can access, so you
don't need to let anyone who can use ssh have complete access to your
system.
-- 
derek
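
The key-only ssh setup described in the reply above can be checked mechanically. The script below is an added example, not part of the original post: it audits an sshd_config for password logins and direct root login. The function names, the sample file and the built-in defaults (those of current OpenSSH) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# sshd takes the FIRST value it reads for a keyword, and keywords are
# case-insensitive. Assumptions: whitespace-separated "Keyword value" lines,
# global section only (stops at the first Match), Include files not followed.

effective() {  # usage: effective KEYWORD DEFAULT FILE
    awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$3"
}

audit_sshd() {  # prints findings; return status = number of findings
    rc=0
    [ "$(effective PasswordAuthentication yes "$1")" = no ] ||
        { echo "FAIL: password logins accepted"; rc=$((rc + 1)); }
    [ "$(effective PubkeyAuthentication yes "$1")" = yes ] ||
        { echo "FAIL: public-key authentication disabled"; rc=$((rc + 1)); }
    [ "$(effective PermitRootLogin prohibit-password "$1")" = no ] ||
        { echo "WARN: direct root login possible, bypassing sudo logging"; rc=$((rc + 1)); }
    return "$rc"
}

# Constructed sample configuration (hypothetical, for illustration only).
sample=$(mktemp)
cat >"$sample" <<'EOF'
# constructed sample
PasswordAuthentication no
passwordauthentication yes
PubkeyAuthentication yes
PermitRootLogin no
Match Group sftponly
    ForceCommand internal-sftp
EOF

audit_sshd "$sample" && echo "OK: key-only ssh, no direct root login"
```

The second, lower-case passwordauthentication line in the sample has no effect because the first value wins, which is why the audit reads the file top-down instead of grepping for any match.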




