Date: Thu, 20 Jan 2000 07:49:33 +0200 From: Marc Silver <marcs@is.co.za> To: sen_ml@eccosys.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: ssh-feature 'backdoor' Message-ID: <20000120074933.G8404@is.co.za> In-Reply-To: <20000120002132R.1000@eccosys.com> References: <20000119134325.J2167@supra.rotterdam.luna.net> <20000119155203.C8404@is.co.za> <20000120002132R.1000@eccosys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Agreed. There are many ways to setup sshd. Personally, I use the AllowHosts stuff and ONLY allow RSA authentication. I know this isn't perfect, but like you said there are risks doing it either way. Cheers, Marc On Thu, Jan 20, 2000 at 12:21:32AM +0900, sen_ml@eccosys.com wrote: > marcs> That should never happen if this line is in your sshd_config file: > marcs> PermitRootLogin no > > marcs> I think it's better to log in as your user and then su to root. > > if you su, don't you have to type in the root password? even if the > session is encrypted, the password still goes over the wire. if you > use rsa key authentication you don't have that particular risk (though > you may have others). > > i don't think it is clear-cut whether it is better one way or the > other. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Marc Silver IS Hosting Infrastructure The Internet Solution Tel: (+27 11) 283 5500 Fax: (+27 11) 283 5001 E-mail: marcs@is.co.za Web: www.is.co.za To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000120074933.G8404>