Re: Is SSH worth it??

From: Devdas Bhagat (dvb@users.sourceforge.net)
Date: 10/16/02 

Date: Thu, 17 Oct 2002 00:21:46 +0530
From: Devdas Bhagat <dvb@users.sourceforge.net>
To: security-basics@securityfocus.com

On 15/10/02 14:39 -0400, Chris Santerre wrote:
> You know I always wondered about this method. su - has you input a password.
> So If a sysadmin is on a cable modem at home, logs in as normal user w/ ssh,
> then does an su - and enters password, How is that any different? You are
> being sniffed on the cable network. Keep in mind you can now sniff SSH
> packets. So how could this be more secure? So wouldn't a hacker now have
> both the first user pass and the su - ?
Because the network traffic in a ssh connection is strongly encrypted
(its Secure shell), the cracker will have to do some rather powerful
decryption to get the password. There was a bug in OpenSSH that would
allow the specific encrypted text to be picked off the network (timing
issues, password characters were sent as sinlge bytes), but that has
been fixed a long time back.
Try snifing ssh encrypted traffic.

Oh, and by using keys, your password never crosses the network at all.

Plus, sudo is a lot more useful in such cases. You can grant relatively
granular access using sudo, without having to divulge the root password.

Hmmmm, given that a large part of admin requires editing of files,
$sudo vim
:!sh
#

is an easy way to get a root shell without ever using the root
password.

Devdas Bhagat

Relevant Pages

  • Re: shell script automatically logging in...
    ... |> | I'm new at shell scripting and don't really have the time to learn it ... |> | ...Now logged in as root ... | suiting this needs - even changed my sudo editor in the process :-), ... feeding the password into the SSH client. ...
    (comp.os.linux.development.system)
  • Re: rsync as root without ssh as root
    ... Since I keep my backups offsite, I'd much rather also do the backup via ssh. ... root without using a root login. ... Use the --rsync-path option to specify a sudo wrapper. ... That works if everything you copy is readable, but if you're going to copy read-only files you're going to need to invoke rsync as root. ...
    (comp.unix.shell)
  • Re: Ubuntu root password
    ... from GNU su. ... remote users can't log in as root. ... :> commands with sudo, so you are protected from yourself. ... single-command ssh key). ...
    (uk.comp.os.linux)
  • Re: using ssh authentication with sudo
    ... when using ssh authentication I tend to ssh straight into root. ... I have my sshd daemons configured to only allow root login via keys, no passwords allowed, so it's pretty secure. ... This amounts to the same thing as you are talking about if giving full root access but in case you were trying to use sudo to grant elevated privs to just a few commands, then I would suggest looking at the pam for sudo and seeing if there is a module to allow key authentication. ...
    (SSH)
  • root login thru ssh Was: hi all
    ... > i have problem with ssh ... It is not in general a good idea to login as root thru network (you ...
    (SSH)