Date: Sat, 30 May 2009 20:36:47 -0700
From: perryh@pluto.rain.com
To: wojtek@wojtek.tensor.gdynia.pl
Cc: freebsd-questions@freebsd.org
Subject: Re: Remotely edit user disk quota
Message-Id: <4a21fb4f.tCv44B9UaB1L03/b%perryh@pluto.rain.com>

Wojciech Puchar wrote:

> > Wojciech Puchar wrote:
> >
> >> Even 15 seconds of thinking is enough to understand that logging
> >> to other user and then su - gives completely no extra security.
> >
> > I don't buy this, given that root's login name is well known :)
>
> if someone can intercept the passwords you type, then he/she will
> intercept both user password you log in and then su password you
> type.
>
> He/she actually can gain more if you use su, as you may use the
> same user password somewhere else.

The whole point of ssh is to prevent this sort of thing, by
encrypting the message traffic over this insecure communication
channel. An attacker may be able to intercept the encrypted
traffic, but it will take a skilled cryptanalyst and a lot of CPU
time -- or the attacker will have to be very lucky -- to decrypt
the message and recover the passwords while they are still valid.
(You *do* change passwords periodically, don't you?)