SSH as root, why not?
Posted: Thu Apr 10, 2008 12:58 am
by alex.barylski
The obvious answer I am aware of, but if you allow remote login via a user, where is the difference if you also allow sudo/su???
Why couldn't an attacker login first as a user through SSH, then login as root using 'su' right after, which is what I have to do when I need to install applications or perform some root maintenance anyways.
Other than no logging for root (so I understand) where is the security benefit in enforcing this policy if I am the only one ever logging into the system via SSH?
Re: SSH as root, why not?
Posted: Thu Apr 10, 2008 4:14 am
by Jenk
For logging and auditing purposes. SarBox, for example, prohibits root logins. Switching to root once logged in is fine, you have a trace of who switched. Logging in as root, you do not.
It also adds an extra layer of security. If you allow root to login, the "hacker" has one stage already completed - the username. If you disallow it, they must first work out a username, then a password.
Re: SSH as root, why not?
Posted: Thu Apr 10, 2008 9:59 am
by pickle
If sudo is set up properly, the hacker still needs 2 passwords to get su privileges.
Re: SSH as root, why not?
Posted: Mon Apr 14, 2008 5:49 pm
by Doug G
pickle wrote: If sudo is set up properly, the hacker still needs 2 passwords to get su privileges.
Not really. If the hacker gets in via ssh as root, I don't think they need another password, they are already root.
Ditto everything Jenk said.
Re: SSH as root, why not?
Posted: Tue Apr 15, 2008 5:33 pm
by VladSun
Doug G wrote: pickle wrote: If sudo is set up properly, the hacker still needs 2 passwords to get su privileges.
Not really. If the hacker gets in via ssh as root, I don't think they need another password, they are already root.
Ditto everything Jenk said.
I think you misunderstood what pickle meant. The case is: No root login permitted via SSH, so one would need two passwords to get root.
@Hockey
There are several ways you can secure SSH:
1) PermitRootLogin No

2) Permit ssh protocol ver.2 only
3) Use key authorization instead of password whenever possible
2) Change the port the SSH daemon listens on to a non-standard one - e.g. port 345
3) Set up firewall rules to protect against brute force attacks.
Example:
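# Create a chain named SSH and send every new TCP connection to port 22 through it
iptables -N SSH
iptables -I INPUT -p tcp --dport 22 --syn -j SSH
# Connections from localhost are exempt
iptables -A SSH -p tcp -s 127.0.0.1 -j RETURN
# Source already seen within the last 60 seconds: refresh its timestamp and drop
iptables -A SSH -p tcp --syn --dport 22 -m recent --name bad_ssh --update --seconds 60 -j DROP
# Otherwise record the source in the bad_ssh list and return to INPUT
iptables -A SSH -p tcp --syn --dport 22 -m recent --name bad_ssh --set -j RETURN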
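An added example, not part of VladSun's post: a shell check of an sshd_config against the sshd-side items in the list above (root login, protocol version, password versus key authentication, port). The function names and both sample configs are constructed for illustration, and the check assumes plain "Keyword value" lines in a single file.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the checklist in the post above.
# sshd uses the FIRST value it reads for a keyword; a later line does not override it.

# effective_value FILE KEYWORD DEFAULT: print the first global value, else DEFAULT.
# Keywords are matched case-insensitively; values are compared as written.
# Assumption: Include files and Match blocks are not followed.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: print findings; exit status is the number of FAIL/WARN lines.
audit_sshd() {
    n=0
    root=$(effective_value "$1" PermitRootLogin unset)   # default differs by version
    pass=$(effective_value "$1" PasswordAuthentication yes)
    proto=$(effective_value "$1" Protocol 2)   # absent accepted: current OpenSSH is v2-only
    port=$(effective_value "$1" Port 22)
    [ "$root" = no ]  || { echo "FAIL PermitRootLogin=$root (want no)"; n=$((n+1)); }
    [ "$proto" = 2 ]  || { echo "FAIL Protocol=$proto (want 2)"; n=$((n+1)); }
    [ "$pass" = no ]  || { echo "WARN PasswordAuthentication=$pass (keys preferred)"; n=$((n+1)); }
    [ "$port" != 22 ] || echo "INFO Port=22 (default port)"
    return "$n"
}

# Constructed sample configs (not taken from any real host).
weak_config() {
    printf '%s\n' '# constructed sample' 'Port 22' 'Protocol 2,1' \
        'PermitRootLogin yes' 'PermitRootLogin no' 'PasswordAuthentication yes'
}
hardened_config() {
    printf '%s\n' '# constructed sample' 'Port 345' 'Protocol 2' \
        'permitrootlogin no' 'PasswordAuthentication no' 'PubkeyAuthentication yes'
}

# count_findings GENERATOR: audit the generated config and print the finding count.
count_findings() {
    tmp=$(mktemp) && "$1" > "$tmp"
    audit_sshd "$tmp" > /dev/null && rc=0 || rc=$?
    rm -f "$tmp"
    echo "$rc"
}

echo "weak: $(count_findings weak_config) findings"
echo "hardened: $(count_findings hardened_config) findings"
```

In the weak sample the second `PermitRootLogin no` line has no effect, which is why the audit reads the first occurrence rather than the last.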
Re: SSH as root, why not?
Posted: Wed Apr 16, 2008 6:06 am
by Chris Corbyn
VladSun wrote:1) PermitRootLogin No

2) Permit ssh protocol ver.2 only
3) Use key authorization instead of password whenever possible
2) Change the port the SSH daemon listens on to a non-standard one - e.g. port 345
3) Set up firewall rules to protect against brute force attacks.
Apparently we have a new series of numbers

Re: SSH as root, why not?
Posted: Wed Apr 16, 2008 6:22 am
by VladSun
LOL.
OK, I'll tell you the secret - it's new, it's "pi" based, but it still has some problems with rounding errors when viewed as the old-fashioned base-10 numeric system.

Re: SSH as root, why not?
Posted: Wed Apr 16, 2008 4:16 pm
by Doug G
I think you misunderstood what pickle meant.. The case is: No root login permitted via SSH, so one would need two passwords to get root.
The question was about allowing or not allowing ssh root logins, not how to gain root after a successful login as another user, and that's what I responded to (as did Jenk).
Re: SSH as root, why not?
Posted: Wed Apr 16, 2008 7:23 pm
by VladSun
Doug G wrote: I think you misunderstood what pickle meant. The case is: No root login permitted via SSH, so one would need two passwords to get root.
The question was about allowing or not allowing ssh root logins, not how to gain root after a successful login as another user, and that's what I responded to (as did Jenk).
???
OK, let's have pickle answer this...
Re: SSH as root, why not?
Posted: Thu May 15, 2008 9:56 am
by chaos
If your system is internet accessible, any of a million script kiddies can slowly attack your root account at their leisure, and given a long enough time frame with a static password, they will eventually succeed. There is more reason for this to happen because the name and permission level of the root account are well-known. If they have to attack another account, the difficulty of compromise is exponentially higher because they don't know your login name. They also don't know whether you have enough permissions to make compromise worth the effort. And why should they bother, really, when there are so many root accounts to work on?