From owner-freebsd-questions@FreeBSD.ORG Thu May 28 19:34:12 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C12CF10656AB for ; Thu, 28 May 2009 19:34:12 +0000 (UTC) (envelope-from wojtek@wojtek.tensor.gdynia.pl) Received: from wojtek.tensor.gdynia.pl (wojtek.tensor.gdynia.pl [IPv6:2001:4070:101:2::1]) by mx1.freebsd.org (Postfix) with ESMTP id 0393D8FC2C for ; Thu, 28 May 2009 19:34:11 +0000 (UTC) (envelope-from wojtek@wojtek.tensor.gdynia.pl) Received: from wojtek.tensor.gdynia.pl (localhost [IPv6:::1]) by wojtek.tensor.gdynia.pl (8.14.3/8.14.3) with ESMTP id n4SJY3r7062053; Thu, 28 May 2009 21:34:03 +0200 (CEST) (envelope-from wojtek@wojtek.tensor.gdynia.pl) Received: from localhost (wojtek@localhost) by wojtek.tensor.gdynia.pl (8.14.3/8.14.3/Submit) with ESMTP id n4SJY25q062050; Thu, 28 May 2009 21:34:02 +0200 (CEST) (envelope-from wojtek@wojtek.tensor.gdynia.pl) Date: Thu, 28 May 2009 21:34:02 +0200 (CEST) From: Wojciech Puchar To: Polytropon In-Reply-To: <20090528183801.82b36bbb.freebsd@edvax.de> Message-ID: References: <200905281030.n4SAUXdA046386@banyan.cs.ait.ac.th> <200905280847.12966.kirk@strauser.com> <200905280904.44025.kirk@strauser.com> <20090528183801.82b36bbb.freebsd@edvax.de> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-questions@freebsd.org Subject: Re: Remotely edit user disk quota X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 19:34:13 -0000 > good as the weakest point. Of course you can add security by > using SSH, and it's definitely indicated when doing things via > the Internet. As long as you are inside your own net, covered > from the Internet, with only trustworthy machines inside it, > you could even use telnet. which i actually do. even more! i ALWAYS change configuration to allow root login from telnet rsh and ssh which is disabled by default. Even 15 seconds of thinking is enough to understand that logging to other user and then su - gives completely no extra security. And yes - i do log as root by "insecure" rsh and telnet. The only think you should be aware is to not do it when connection is from outside and insecure. This case i actually don't use even ssh if it's not mine computer. How can i be sure that ssh is secure, but keylogging isn't installed?