Security Basics mailing list archives
RE: Is SSH worth it??
From: "Graham, Randy (RAW) " <grahamrw () y12 doe gov>
Date: Mon, 14 Oct 2002 15:21:28 -0400
You ssh as a normal user and then use 'su -' to switch over to root. Without that, you have no way of knowing who connected to a server as root. By forcing connections as normal users and using su, you can have some auditing (to prevent the "I didn't do it" syndrome). Randy Graham -- When in danger\or in doubt\run in circles\scream and shout!
-----Original Message----- From: Chris Berry [mailto:compjma () hotmail com] Sent: Thursday, October 10, 2002 12:53 PM To: security-basics () securityfocus com Subject: Re: Is SSH worth it??From: Johan De Meersman <johan () ops skynet be> I don't think it's ever a good idea to allow root ssh to any machineWhy not? Also, how are you going to remote administer it without some sort of control SSH, VNC, etc? Chris Berry compjma () hotmail com Systems Administrator JM Associates "I have found the way, and the way is Perl." _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com
Current thread:
- Re: Is SSH worth it?? David Corking (Oct 15)
- <Possible follow-ups>
- RE: Is SSH worth it?? Graham, Randy (RAW) (Oct 15)
- Re: Is SSH worth it?? Johan De Meersman (Oct 15)
- Re: Is SSH worth it?? David Corking (Oct 17)
- Re: Is SSH worth it?? Johan De Meersman (Oct 18)
- Re: Is SSH worth it?? David Corking (Oct 21)
- Re: Is SSH worth it?? Richard Caley (Oct 21)
- Re: Is SSH worth it?? David Corking (Oct 17)
- Re: Is SSH worth it?? David Corking (Oct 16)
- RE: Is SSH worth it?? Chris Santerre (Oct 16)
- Re: Is SSH worth it?? Devdas Bhagat (Oct 17)
- Re: Is SSH worth it?? David Corking (Oct 17)
- Re: Is SSH worth it?? Johan De Meersman (Oct 17)