Date: Fri, 4 Feb 2005 04:10:11 +0100
From: Gert Cuykens <gert.cuykens@gmail.com>
To: FreeBSD questions mailing list <FreeBSD@amadeus.demon.nl>
Cc: freebsd <freebsd-questions@freebsd.org>
Subject: Re: ssh default security risc
Message-ID: <ef60af0905020319106434e589@mail.gmail.com>
In-Reply-To: <74319c330bfa974501ea463b9ef4635c@amadeus.demon.nl>
References: <ef60af09050203143220daf9f9@mail.gmail.com>
 <4202B512.9080306@cis.strath.ac.uk>
 <ef60af09050203153670e8f27f@mail.gmail.com>
 <4202BC4E.4090809@cis.strath.ac.uk>
 <ef60af090502031604391fcbd6@mail.gmail.com>
 <bf55966e0db107001d1dd92afb1e62e2@amadeus.demon.nl>
 <ef60af09050203175930a30af9@mail.gmail.com>
 <74319c330bfa974501ea463b9ef4635c@amadeus.demon.nl>
On Fri, 4 Feb 2005 03:33:41 +0100, FreeBSD questions mailing list <FreeBSD@amadeus.demon.nl> wrote:
>
> On 04 feb 2005, at 02:59, Gert Cuykens wrote:
>
> > On Thu, 3 Feb 2005 16:54:01 -0800, FreeBSD questions mailing list
> > <FreeBSD@amadeus.demon.nl> wrote:
> >> You really need to look at it from a different point of view...
> >> If you want to prevent people from breaking into your car you lock the
> >> doors.
> >> Don't say "If they break the locks and get in, I can't use my key
> >> anymore. So keep the doors unlocked", do you?
> >> My point of view...
> >> Arno
> >>
> >
> > I like this point of view game :)
> >
> > How many locks are there in your car? Let's say every user has a lock:
> > the trunk, the left and the right door. Now imagine your little kid
> > waving to you behind the windows. You want to kick his butt because he
> > broke your brand new television set. You can't go in your car because
> > he pushes on the lock button so you can't turn the key. To make things
> > worse your kid is trying to play with the root engine but he can't get
> > the engine to start. Enabling the ssh root is like having the remote
> > car key that opens every door at once so you can get in to kick his
> > butt :)
> >
> No it is not!
> It is like giving the key to the burglar who's after your car stereo.
> If he'd only know you (have your account) then he would only be able to
> trace your car, look at it, look what's inside but not change anything.
> He would still need to go after the keys...
>
> Really it is the opposite of what you're thinking.
> If root login is disabled and an intruder hacks a user account he can
> only change things as much as you allow the account to make changes to
> the system.
> The intruder still needs to go for the root password after this, if
> he's after total control of your comp.
> When the intruder changes your password but doesn't get root access you
> can't get in but your system is far less damaged.
>
> If root login is enabled then the intruder has half the work to get
> full access to the system.
> And you can't access the comp at all after that has happened.
>
> A
>

Ok, I admit that two passwords are more secure than one :)
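
The setting this exchange turns on is sshd's PermitRootLogin keyword, which the thread itself never names. As an added example that is not part of the original message, the Python sketch below reports where an sshd_config lets root log in directly, honouring sshd's first-value-wins rule and Match-block overrides. The sample config, the function names and the `default` value are assumptions; Include directives are not followed.

```python
import re

# Constructed sample config, not taken from the thread.
SAMPLE = """\
Port 22
PermitRootLogin no
# a later duplicate is ignored: sshd keeps the first value it obtains
permitrootlogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

# keyword, then whitespace or '=', then the arguments
LINE = re.compile(r"\s*([A-Za-z]+)[\s=]+(.*\S)")

def root_login_settings(text, default="no"):
    """Return (global_value, {match_criteria: value}) for PermitRootLogin.

    `default` stands in for what sshd uses when the keyword is absent; it is
    an assumption here, so check sshd_config(5) on the audited system.
    """
    global_value, overrides, section = None, {}, None
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if not m:
            continue
        keyword, args = m.group(1).lower(), m.group(2)  # keywords ignore case
        if keyword == "match":
            section = args            # settings below apply only to this block
        elif keyword == "permitrootlogin":
            value = args.split()[0].strip('"').lower()
            if section is None:
                if global_value is None:   # first obtained value wins
                    global_value = value
            else:
                overrides.setdefault(section, value)
    return (global_value or default), overrides

def direct_root_login_sections(text, default="no"):
    """List the sections where root may log in over SSH without first
    compromising an unprivileged account (PermitRootLogin yes)."""
    global_value, overrides = root_login_settings(text, default)
    hits = ["global"] if global_value == "yes" else []
    hits += ["Match " + crit for crit, v in overrides.items() if v == "yes"]
    return hits

if __name__ == "__main__":
    print(root_login_settings(SAMPLE))
    print(direct_root_login_sections(SAMPLE))
```

On a live host, `sshd -T` prints the configuration sshd actually resolves and is the authoritative check; the parser above is for reviewing a file offline.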