On Thu, 2003-06-19 at 17:38, Aaron Konstam wrote: > On Thu, Jun 19, 2003 at 12:45:17PM -0600, Rodolfo J. Paiz wrote: > > At 6/17/2003 08:18 +0100, you wrote: > > >I have access to a machine in Germany where I log in with ssh and then do > > >an su to root. The extra step adds no significant extra security -- > > >although I'd be happy be wrong and for someone to explain why it does. > > > > There are a few simple but effective reasons: > > > > 1. The cracker must then guess a valid username in order to log > > in. Not only a valid user, but one who is in the wheel group and has access > > to becoming root (i.e. with permissions to use /bin/su). > I have never sen a mchine where you have to be in the wheel group to > use su. I assume you can set it up that way. ---- BSD Craig
