Security of using sudo rather than su?

Peter Garrett peter.garrett at optusnet.com.au
Sun Sep 17 13:32:02 UTC 2006


On Sun, 17 Sep 2006 14:48:32 +0200
Alexander Skwar <listen at alexander.skwar.name> wrote:

> ยท Dennis Kaarsemaker <dennis at kaarsemaker.net>:
> > On do, 2006-09-14 at 13:46 +0200, Alexander Skwar wrote:
> >> Dennis Kaarsemaker <dennis at kaarsemaker.net>:
> 
> >> > Because normally, root *can* login over ssh and 'root' is a very
> >> > well-known username.
> 
> Actually, that's wrong. root normally *cannot* do this.

Well, from a default newly installed /etc/ssh/sshd_config  :

# Authentication:
LoginGraceTime 120
PermitRootLogin yes     ## << My emphasis
StrictModes yes

So, as Dennis said, on Ubuntu that is in fact the default, as you will
find if you set a root password and try to log in...  ( not recommended,
at least not by most... ).

Of course, you might say Ubuntu is not normal, for some value of
"normal" ;-)

Peter




More information about the ubuntu-users mailing list