Michael A. Peters wrote:
Errr, why is it easier to get an admin user's name and password than the root password?
Because typically you only allow root login via console or an existing login.
I don't see how that relates to the question.
You can brute force a user password (or sniff if the admin is lazy in how they connect - IE not using proper pass phrase, MITM attacks - possible with the SSH bug that Debian/Ubuntu had) etc. but normally the root account is disabled from remote login so it can't be remotely brute forced or sniffed.
Normally? As in a default install?
What you normally do is give sudo access to the commands (or wrappers to the commands) that a particular sysadmin might need to use but you don't give them full root access, thereby limiting the damage that can be done should their password be compromised.
Who is 'them'? And if you haven't shared the root password, what happens when you get hit by a bus?