ssh and remote sudo not hiding password
Colin Law
clanlaw at googlemail.com
Fri Nov 13 16:09:12 UTC 2009
2009/11/13 Derek Broughton <derek at pointerstop.ca>:
> Hal Burgiss wrote:
>
>> On Thu, Nov 12, 2009 at 10:12:54AM -0500, Brian McKee wrote:
>>>
>>> Don't recommend doing so without at least acknowledging that's not the
>>> way this distro was planned to be used.
>>
>> And who are you to tell me what I can recommend and what I can't? If this
>> is your list, pull the plug on me. If not, shove it. Sideways. I don't
>> much care how "the way the distro was planned to be used", I was not on
>> the planning committee and did not sign on the dotted line or take the
>> pledge.
@Hal Burgis: You may not care about the way the distro was planned to
be used but I would suggest that it is not a good idea to recommend a
practice that is controversial for Ubuntu without explaining the
inherent risks.
> Nevertheless, you're recommending insecure practices to somebody who clearly
> doesn't have much of an idea why it _would_ be insecure. Not nice.
@Derek Broughton: Actually I (as the OP) do know perfectly well that
the suggestion would be insecure, and would not have entertained the
suggestion to set a root account and ssh in as root. This would not
even answer the question I originally asked. However I agree entirely
with your sentiments, many reading the list would not understand the
security issues.
This is good, I have never set off a flame war before. Or do we need
a few more angry posters in order for it to be classed as a war rather
than a scuffle. Perhaps I need to consult wikipedia for a definition.
:)
Colin
More information about the ubuntu-users
mailing list