From owner-freebsd-hackers  Fri Dec  5 18:51:46 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id SAA08563
          for hackers-outgoing; Fri, 5 Dec 1997 18:51:46 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from zippy.dyn.ml.org (garbanzo@seoul-235.ppp.hooked.net [206.169.228.235])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id SAA08558
          for <freebsd-hackers@FreeBSD.ORG>; Fri, 5 Dec 1997 18:51:39 -0800 (PST)
          (envelope-from garbanzo@hooked.net)
Received: from localhost (garbanzo@localhost)
	by zippy.dyn.ml.org (8.8.8/8.8.7) with SMTP id SAA12487;
	Fri, 5 Dec 1997 18:52:07 -0800 (PST)
X-Authentication-Warning: zippy.dyn.ml.org: garbanzo owned process doing -bs
Date: Fri, 5 Dec 1997 18:52:06 -0800 (PST)
From: Alex <garbanzo@hooked.net>
X-Sender: garbanzo@zippy.dyn.ml.org
Reply-To: Alex <garbanzo@hooked.net>
To: "David E. Cross" <dec@phoenix.its.rpi.edu>
cc: John-Mark Gurney <gurney_j@resnet.uoregon.edu>,
        Jaye Mathisen <mrcpu@cdsnet.net>, Jim Bryant <jbryant@unix.tfs.net>,
        ircadmin@shellnet.co.uk, freebsd-hackers@FreeBSD.ORG
Subject: Re: Telnet Root access
In-Reply-To: <Pine.BSF.3.96.971205211836.7036A-100000@phoenix.its.rpi.edu>
Message-ID: <Pine.BSF.3.96.971205184841.12387B-100000@zippy.dyn.ml.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk



On Fri, 5 Dec 1997, David E. Cross wrote:

> > Actually it doesn't really even prevent that.  Su just adds more detailed
> > logging of the attempts, which are more likely (IMO) to draw attention.
> many people will just capture the fist 100 or so characters sent to a
> session... logging everything you enter on a connection is a waste of
> space, and they need to dig through tht later.
> 
> IMO: sending the root password plaintext over the network at any time is a
> *NO*.  I *only* use ssh to connect as root (even when su-ing), and only
> from a host I trust, and a binary I trust.  I have learned the hard way
> not to compromise on neteork/system security.

AFAIK, su just logs information like so:

Dec  5 17:18:44 zippy su: alex to root on /dev/ttyp0
or
Dec  5 18:49:43 zippy su: BAD SU alex to root on /dev/ttyp2

which is somewhat more informative than what login provides:

Dec  5 16:12:50 zippy login: ROOT LOGIN (root) ON ttyv1

Either way, you and everyone else who suggested ssh are right, ssh is
still the way to go if security is a concern.

- alex