Date: Thu, 20 Jan 2000 07:49:33 +0200
From: Marc Silver
To: sen_ml@eccosys.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ssh-feature 'backdoor'
Message-ID: <20000120074933.G8404@is.co.za>

Agreed. There are many ways to setup sshd. Personally, I use the
AllowHosts stuff and ONLY allow RSA authentication. I know this isn't
perfect, but like you said there are risks doing it either way.

Cheers,
Marc

On Thu, Jan 20, 2000 at 12:21:32AM +0900, sen_ml@eccosys.com wrote:
> marcs> That should never happen if this line is in your sshd_config file:
> marcs> PermitRootLogin no
>
> marcs> I think it's better to log in as your user and then su to root.
>
> if you su, don't you have to type in the root password? even if the
> session is encrypted, the password still goes over the wire. if you
> use rsa key authentication you don't have that particular risk (though
> you may have others).
>
> i don't think it is clear-cut whether it is better one way or the
> other.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Marc Silver
IS Hosting Infrastructure
The Internet Solution
Tel: (+27 11) 283 5500
Fax: (+27 11) 283 5001
E-mail: marcs@is.co.za
Web: www.is.co.za