Functionality
carl at bl.echidna.id.au
Fri Apr 27 11:30:08 EST 2001
> From: Tom Holroyd <tomh at po.crl.go.jp>
>
> > > What he is proposing is for OpenSSH to disregard a system-wide policy
> > > decision -- that root should not be permitted to directly log in from
> > > the network. There are more reasons to disable remote logins as root
> > > (vs. normal login then su) than just to prevent plaintext use of the
> > > root password; for example, audit trails for a group of admins or site
> > > security policies. This patch would violate the expected behavior of
> > > the system.
>
> As we all know, disabling remote root logins as a security measure is an
> old policy from the days before strong authentication methods. As pointed
> out above, there *are* other issues, but they also have other solutions.
> These days, normal login followed by su is less secure than allowing a
> direct root login.
>
> ssh -l user host
> su
> <root password exposed to traffic analysis>
Erm ... traffic analysis? Where?
Ssh is encrypted.