Date: Sat, 30 May 2009 20:36:47 -0700
From: perryh@pluto.rain.com
To: wojtek@wojtek.tensor.gdynia.pl
Cc: freebsd-questions@freebsd.org
Subject: Re: Remotely edit user disk quota
Message-ID: <4a21fb4f.tCv44B9UaB1L03/b%perryh@pluto.rain.com>
In-Reply-To: <alpine.BSF.2.00.0905291249220.10254@wojtek.tensor.gdynia.pl>
References: <200905281030.n4SAUXdA046386@banyan.cs.ait.ac.th>
 <200905280847.12966.kirk@strauser.com>
 <alpine.BSF.2.00.0905281553001.60364@wojtek.tensor.gdynia.pl>
 <200905280904.44025.kirk@strauser.com>
 <20090528183801.82b36bbb.freebsd@edvax.de>
 <alpine.BSF.2.00.0905282129560.61809@wojtek.tensor.gdynia.pl>
 <4a1f9cf7.UEl7lAiK4FGe5eG7%perryh@pluto.rain.com>
 <alpine.BSF.2.00.0905291249220.10254@wojtek.tensor.gdynia.pl>

Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> wrote:

> > Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> wrote:
> >
> >> Even 15 seconds of thinking is enough to understand that logging
> >> to other user and then su - gives completely no extra security.
> >
> > I don't buy this, given that root's login name is well known :)
>
> if someone can intercept the passwords you type, then he/she will
> intercept both user password you log in and then su password you
> type.
>
> He/she actually can gain more if you use su, as you may use the
> same user password somewhere else.

The whole point of ssh is to prevent this sort of thing, by
encrypting the message traffic over this insecure communication
channel. An attacker may be able to intercept the encrypted
traffic, but it will take a skilled cryptanalyst and a lot of CPU
time -- or the attacker will have to be very lucky -- to decrypt
the message and recover the passwords while they are still valid.
(You *do* change passwords periodically, don't you?)