Re: ssh V1 / RootLogin disable [was: Building OpenSSH]


 



At 6/17/2003 08:18 +0100, you wrote:
I have access to a machine in Germany where I log in with ssh and then do an su to root. The extra step adds no significant extra security -- although I'd be happy to be wrong and for someone to explain why it does.

There are a few simple but effective reasons:


1. The cracker must then guess a valid username in order to log in. Not only a valid user, but one who is in the wheel group and has access to becoming root (i.e. with permissions to use /bin/su).

2. The cracker cannot brute-force or dictionary attack the opensshd with different passwords for "root" (even just a few times).

3. The cracker must steal or guess at least two passwords instead of one.

4. Social engineering becomes somewhat more difficult.


-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx
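
Added example, not part of the original message: a small audit of `sshd_config` text that reports whether direct root login is really disabled, as the reasons above assume. It relies on sshd using the first value it obtains for a keyword and on `Match` blocks overriding the global value; the sample configuration and the function names are constructed for illustration.

```python
import re

# Keyword and argument are split on whitespace; a single '=' is also accepted here.
LINE = re.compile(r"^([^\s=]+)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample: the later "PermitRootLogin no" looks safe but is ignored,
# because the first value obtained for a keyword is the one sshd uses.
SAMPLE = """\
# constructed sample sshd_config
Protocol 2
permitrootlogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin without-password
"""

def root_login_settings(config_text):
    """Return (global_value, match_overrides) for PermitRootLogin."""
    global_value, overrides, match, seen_in_match = None, [], None, False
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or raw.lstrip().startswith("#"):
            continue  # blank line, comment, or keyword without argument
        keyword, arg = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            match, seen_in_match = arg, False  # following lines are conditional
        elif keyword == "permitrootlogin" and arg:
            value = arg.split()[0]
            if match is None:
                if global_value is None:  # first global value wins
                    global_value = value
            elif not seen_in_match:  # first value inside this Match block
                seen_in_match = True
                overrides.append((match, value))
    return global_value, overrides

def audit(config_text):
    """Return a list of findings; an empty list means root login is refused."""
    findings = []
    value, overrides = root_login_settings(config_text)
    if value is None:
        findings.append("PermitRootLogin not set globally: compiled-in default applies")
    elif value != "no":
        findings.append(f"global PermitRootLogin is '{value}', not 'no'")
    for criteria, v in overrides:
        if v != "no":
            findings.append(f"Match {criteria}: PermitRootLogin {v}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "root login disabled")
```
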



