From owner-freebsd-security Wed Jan 19 7:20:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from nsm.htp.org (nsm.htp.org [202.241.243.104]) by hub.freebsd.org (Postfix) with SMTP id EDEED14BFD for ; Wed, 19 Jan 2000 07:20:55 -0800 (PST) (envelope-from sen_ml@eccosys.com) Received: (qmail 25424 invoked from network); 19 Jan 2000 15:19:45 -0000 Received: from localhost (127.0.0.1) by localhost with SMTP; 19 Jan 2000 15:19:45 -0000 To: freebsd-security@FreeBSD.ORG Subject: Re: ssh-feature 'backdoor' From: sen_ml@eccosys.com In-Reply-To: <20000119155203.C8404@is.co.za> References: <20000119134325.J2167@supra.rotterdam.luna.net> <20000119155203.C8404@is.co.za> X-Mailer: Mew version 1.94.1 on Emacs 20.5 / Mule 4.0 (HANANOEN) X-No-Archive: Yes Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20000120002132R.1000@eccosys.com> Date: Thu, 20 Jan 2000 00:21:32 +0900 X-Dispatcher: imput version 990905(IM130) Lines: 12 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org marcs> That should never happen if this line is in your sshd_config file: marcs> PermitRootLogin no marcs> I think it's better to log in as your user and then su to root. if you su, don't you have to type in the root password? even if the session is encrypted, the password still goes over the wire. if you use rsa key authentication you don't have that particular risk (though you may have others). i don't think it is clear-cut whether it is better one way or the other. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message