Subject: Re: connecting as root
From: Alistair Riddell (ali@watsons.edin.sch.uk)
Date: Sat Jan 29 2000 - 19:11:11 EST

In addition to these reasons there is also accountability. The idea is
that in an environment where more than one person might know the root
password, unless you have physical access to the console you must
authenticate yourself as a normal user to make your true identity known
before you change to root.

On Sat, 29 Jan 2000, Darron Froese wrote:
> on 1/29/00 11:14 AM, Martin Wilhelm Leidig at mwl@moss.net wrote:
>
> > Could you (or another one) please explain those technical
> > reasons a bit further (and why it shouldn't be a config file
> > option therefor)?
>
> Martin,
>
> Generally, connecting as root is somewhat discouraged because of a few
> reasons:
>
> 1. Since you are the "god" user on the system - a simple mistake when you're
> deleting or overwriting things can be disastrous. You could destroy
> everything and not get much warning - because you're root.
>
> 2. Connecting as the root user over such methods as telnet, ftp - or
> anything else - exposes your root password in cleartext over the network.
> That's another bad idea - if you don't understand why, then that's another
> reason why you shouldn't be connecting as root.
>
> The best way to connect to your box and administrate it is probably this:
>
> 1. Probably change your root password - as it's gone over the wire a few
> times already. ;-)
> 2. Undo your changes to allow root to login via ftp and telnet.
> 3. Learn to use "su" to *change* to the root user when you're already logged
> in with a normal username and password.
> 4. Download and install OpenSSH <http://www.openssh.org/> on your Linux box
> - this is sort of like "encrypted telnet" - in other words, your password
> (or any command for that matter) never goes over the wire in cleartext.
> 5. There is a ssh client for the MacOS for OpenSSH and you can get it here:
> <http://www.lysator.liu.se/~jonasw/download/niftytelnet-1.1-ssh-r3.hqx>
>
> Hope that helped at all. If you have any more questions - please let me
> know.
> --
> Darron
> darron@fudgehead.com
>

--
Alistair Riddell - BOFH
IT Support Department, George Watson's College, Edinburgh
Tel: +44 131 447 7931 Ext 176 Fax: +44 131 452 8594
Microsoft - because god hates us
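
The steps in the quoted list above (undo root logins over ftp and telnet, then reach root only via "su" or over ssh from a normal account) can be checked with a short audit. This is an added example, not part of either message; the file locations /etc/ftpusers, /etc/securetty and /etc/ssh/sshd_config and the PREFIX parameter are assumptions and vary between systems.

```shell
#!/bin/sh
# Added example: report settings that let root log in directly over the network.
# audit_root_login [PREFIX] prints one line per finding and returns the count.
# PREFIX is a hypothetical parameter so a copied /etc tree can be checked offline.
audit_root_login() {
    prefix="${1:-}"
    findings=0

    # /etc/ftpusers lists accounts that are refused FTP login; root belongs in it.
    f="$prefix/etc/ftpusers"
    if [ ! -f "$f" ] || ! grep -qx 'root' "$f"; then
        echo "FINDING: root is not denied in $f"
        findings=$((findings + 1))
    fi

    # /etc/securetty lists terminals root may log in on. A missing file allows
    # every terminal; pts/N or ttypN entries allow network (telnet) sessions.
    f="$prefix/etc/securetty"
    if [ ! -f "$f" ] || grep -Eq '^(pts/[0-9]+|tty[p-z][0-9a-f])$' "$f"; then
        echo "FINDING: $f lets root log in on network terminals"
        findings=$((findings + 1))
    fi

    # sshd uses the first PermitRootLogin it reads (keyword is case-insensitive).
    # Match blocks are ignored here; path assumed to be /etc/ssh/sshd_config.
    f="$prefix/etc/ssh/sshd_config"
    if [ -f "$f" ]; then
        val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$f")
        if [ "$val" != "no" ]; then
            echo "FINDING: PermitRootLogin is '${val:-unset}' in $f, expected 'no'"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Constructed sample tree: root still allowed over ftp and telnet, sshd locked down.
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh"
printf 'bin\ndaemon\n' > "$demo/etc/ftpusers"
printf 'console\ntty1\npts/0\n' > "$demo/etc/securetty"
printf 'PermitRootLogin no\n' > "$demo/etc/ssh/sshd_config"
audit_root_login "$demo" || echo "findings: $?"
rm -rf "$demo"
```

With PermitRootLogin set to "no", administrators have to sign in under their own account first, which is what produces the accountability trail described in the reply.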
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:29:55 EST