ssh and remote sudo not hiding password
Smoot Carl-Mitchell
smoot at tic.com
Fri Nov 13 19:33:41 UTC 2009
On Fri, 2009-11-13 at 13:43 -0500, Hal Burgiss wrote:
> On Fri, Nov 13, 2009 at 10:49:24AM -0400, Derek Broughton wrote:
> > Nevertheless, you're recommending insecure practices to somebody who clearly
> > doesn't have much of an idea why it _would_ be insecure. Not nice.
>
> a) Its not insecure. There are any number of Unix like systems
> (all the *BSD's I believe?) that have root accounts with passwords.
>
I agree with Hal. Root password per se are not insecure. Personally, I
find using sudo more convenient, but there are different ways to handle
security. It all depends on what you want to protect and how valuable
it is. On server systems I usually have a valid root password, since
if, say, I have LDAP authentication and the network goes south and
prevents me from authenticating normally via LDAP, then I can login as
root on the console which is a lot better than rebooting the system to
gain access.
The Ubuntu folks made an engineering decision to not have a root
password. I think it as a good choice for a desktop OS as it avoids the
confusion of having two password to remember. Being a Unix like system
that choice can always be changed and easily customized by the system
owner.
--
Smoot Carl-Mitchell
Computer Systems and
Network Consultant
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
More information about the ubuntu-users
mailing list