On Thu, Jun 19, 2003 at 12:45:17PM -0600, Rodolfo J. Paiz wrote: > At 6/17/2003 08:18 +0100, you wrote: > >I have access to a machine in Germany where I log in with ssh and then do > >an su to root. The extra step adds no significant extra security -- > >although I'd be happy be wrong and for someone to explain why it does. > > There are a few simple but effective reasons: > > 1. The cracker must then guess a valid username in order to log > in. Not only a valid user, but one who is in the wheel group and has access > to becoming root (i.e. with permissions to use /bin/su). I have never sen a mchine where you have to be in the wheel group to use su. I assume you can set it up that way. -- ------------------------------------------- Aaron Konstam Computer Science Trinity University 715 Stadium Dr. San Antonio, TX 78212-7200 telephone: (210)-999-7484 email:akonstam@xxxxxxxxxxx
