ssh default security risk

Gert Cuykens gert.cuykens at gmail.com
Thu Feb 3 19:10:17 PST 2005


On Fri, 4 Feb 2005 03:33:41 +0100, FreeBSD questions mailing list
<FreeBSD at amadeus.demon.nl> wrote:
> 
> On 04 feb 2005, at 02:59, Gert Cuykens wrote:
> 
> > On Thu, 3 Feb 2005 16:54:01 -0800, FreeBSD questions mailing list
> > <FreeBSD at amadeus.demon.nl> wrote:
> >> You really need to look at it from a different point of view...
> >> If you want to prevent people from breaking into your car you lock the
> >> doors.
> >> Don't say "If they break the locks and get in, I can't use my key
> >> anymore. So keep the doors unlocked", do you?
> >> My point of view...
> >> Arno
> >>
> >
> > I like this point of view game :)
> >
> > How many locks are there in your car, let's say every user has a lock
> > the trunk the left and the right door. Now imagine your little kid
> > waving to you behind the windows. You want to kick his butt because he
> > broke your brand new television set. You can't go in your car because
> > he pushes on the lock button so you can't turn the key. To make things
> > worse your kid is trying to play with the root engine but he can't get
> > the engine to start. Enabling the ssh root is like having the remote
> > car key that opens every door at once so you can get in to kick his
> > butt :)
> >
> No it is not!
> It is like giving the key to the burglar who's after your car stereo.
> If he'd only know you (have your account) then he would only be able to
> trace your car, look at it, look what's inside but not change anything.
> He would still need to go after the keys...
> 
> Really it is the opposite of what you're thinking.
> If root login is disabled and an intruder hacks a user account he can
> only change things as much as you allow the account to make changes to
> the system.
> The intruder still needs to go for the root password after this, if
> he's after total control of your comp.
> When the intruder changes your password but doesn't get root access you
> can't get in but your system is far less damaged.
> 
> If root login is enabled then the intruder has half the work to get
> full access to the system.
> And you can't access the comp at all after that has happened.
> 
> A
> 

ok I admit that two passwords are more secure than one :)
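
Added example, not part of the original thread: a small audit of which PermitRootLogin value an sshd_config text would put in force, following sshd's first-value-wins rule and reporting Match-block overrides separately. The function names, the sample file and the `default` argument (the caller supplies the build's default) are assumptions made for this illustration.

```python
import re

def root_login_settings(config_text, default):
    """Return (global_value, [(match_criteria, value), ...]).

    `default` is used when the keyword is absent globally; it differs
    between OpenSSH versions and OS builds, so the caller passes it in.
    """
    global_value, overrides = None, []
    match = None  # criteria of the current Match block; None while global
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are split by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        args = parts[1].split() if len(parts) > 1 else []
        if keyword == "match":
            match = " ".join(args)          # later lines belong to this block
        elif keyword == "permitrootlogin" and args:
            value = args[0].lower()         # normalised for comparison
            if match is None:
                if global_value is None:    # first value read wins
                    global_value = value
            elif all(m != match for m, _ in overrides):
                overrides.append((match, value))
    return (global_value or default), overrides

def allows_root_password(value):
    """Only 'yes' lets root log in with just the root password."""
    return value == "yes"

# Constructed sample file, not taken from the thread.
SAMPLE = """\
# constructed sample
Port 22
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
"""

if __name__ == "__main__":
    glob, over = root_login_settings(SAMPLE, default="no")
    print("global:", glob, "root password login:", allows_root_password(glob))
    for criteria, value in over:
        print("Match", criteria, "->", value)
```

On a running host, `sshd -T` prints the configuration the daemon actually applies and is the authoritative check.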


More information about the freebsd-questions mailing list