[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Upcoming OpenSSH vulnerability
On Wed, Jun 26, 2002 at 10:00:43AM -0700, Scott Francis wrote:
> On Tue, Jun 25, 2002 at 05:59:07PM -0700, email@example.com
> > A related but different question: best practices dictate using
> > sudo and not logging in as root. Regardless of the current
> > bug, are there non-policy reasons to avoid ``PermitRootLogin
> > yes''?
> sudo + ssh keys is a great way to manage a large network without
> having to give ANYBODY root's password. And when an employee
> leaves, you just remove their account on the admin box, and
> they're off the network. No need to change passwords on every
> box, because they never had them.
Agreed, but that's not what I'm asking. I said, ``non-policy.''
Privelege separation prevents whole classes of exploits by running
a lot of code as an unpriveleged user. At least a casual glance
would indicate that some of that sepatation isn't possible or
becomes moot when direct root logins are permitted.
Is it conceivable that, *from a technical standpoint,* some sort
of compromise could exist with ``PermitRootLogin yes'' that
wouldn't exist without?
I don't permit root logins, I use keypairs and sudo. This
isn't ``I'm too lazy to do the right thing.'' This is, ``Is
there the theoretical potential for an exploit with the default
configuration that isn't possible with a different well-documented
configuration?'' And, yes, in theory, anything is possible.
Does anybody who knows the SSH code care to comment on the
architecture of root logins?
[demime 0.98d removed an attachment of type application/pgp-signature]