SSH hacked?

[Chris G]

On Thu, Jan 15, 2009 at 08:21:48AM -0500, Mark Haney wrote:
> Res wrote:
> 
> >>>
> >> I fail to see how that's incorrect, then?  I occasionally see attempts
> >> to break in with root, but not that often.  That wasn't really my point.
> >> The point is that not allowing ANY privileged account login access via
> >> any method effectively makes breaking in with them impossible. This is
> > 
> > Breaking in with them perhaps, but what if they get in under a user, a 
> > user that happens to be auth'd to su/sudo/whatever, never be complacent 
> > about possible threats.
> 
> Of course, I do not dispute that.  I'm talking about limiting the number
> of possible attack vectors.  Hacking root gives a hacker full rights.
> Exploiting a user account still means the hacker has find a way to get
> root privileges.  Granted if that user has sudo rights, that's just as
> bad, but not every user account has that right, so it's not a guarantee.
> 
It's one of the reasons I don't use sudo (no one has any sudo
privileges) on my system.  I also have ssh root access disabled.

So, to get root access, an attacker using ssh has to first guess my
(or another user) password and then guess the root password.

(In addition ssh is only allowed from a few IP addresses but that's
irrelevant to my comment above)

-- 
Chris Green