Les Mikesell wrote:
> Michael A. Peters wrote:
>
>>> Errr, why is it easier to get an admin user's name and password than the
>>> root password?
>> Because typically you only allow root login via console or an existing
>> login.
>
> I don't see how that relates to the question.

It relates because your administrators generally log in from remote
locations. For ssh they may be using a pass phrase (assuming there has
been a key exchange previously) but not necessarily. Unless all methods
of connecting refuse password authentication, there is a possibility of
brute force password discovery.

>
>> You can brute force a user password (or sniff if the admin is lazy in
>> how they connect - IE not using proper pass phrase, MITM attacks -
>> possible with the SSH bug that Debian/Ubuntu had) etc. but normally the
>> root account is disabled from remote login so it can't be remotely brute
>> forced or sniffed.
>
> Normally? As in a default install?

If you compile openssh from source, root login is disabled. Distros
usually (and I disagree with this) default to allow root login -
justification being it's the only way to get in after doing a remote
install, but there are better ways to solve that.

But yes - any admin will lock down ssh (and any other services) as soon
as the install is finished to forbid root login; any admin that does not
needs to get a job selling real estate.

>
>> What you normally do is give sudo access to the commands (or wrappers to
>> the commands) that a particular sysadmin might need to use but you don't
>> give them full root access, thereby limiting the damage that can be done
>> should their password be compromised.
>
> Who is 'them'? And if you haven't shared the root password, what
> happens when you get hit by a bus?

If I get hit by a bus, I don't personally care what happens, but of
course there is more than one individual who has the master root
password.

Most of your juniors don't need it and shouldn't have it; you can give
them access via sudo to the specific things they need to do (and log
sudo to a log machine they don't have access to) that require privilege
escalation.

The point is you should never be able to gain a root shell knowing just
a username and password for which a remote connection is allowed, and
that's exactly what the OS X / Ubuntu default sudo configuration allows.
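An added example, not part of the original post: a small audit of the two settings argued over in this thread, remote root/password login in `sshd_config` and blanket `ALL` grants in sudoers, combined into the "password alone reaches root" check. The sample configs, the `junior` user and the `WEBOPS` alias are constructed; `Match` blocks, `Keyword=value` syntax, line continuations and includes are assumed absent.

```python
import re

# Constructed sample configurations (illustrative, not from the thread).
SSHD_OPEN = "PermitRootLogin yes\nPasswordAuthentication yes\n"
SSHD_LOCKED = "PermitRootLogin no\nPasswordAuthentication no\n"
SUDOERS_BROAD = "root ALL=(ALL) ALL\n%admin ALL=(ALL) ALL\n"
SUDOERS_SCOPED = ("Cmnd_Alias WEBOPS = /usr/sbin/apachectl graceful\n"
                  "junior ALL=(root) WEBOPS\n")

def audit_sshd(text):
    """Return findings for the global section of an sshd_config."""
    seen = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0].lower() == "match":
            break  # conditional blocks are not handled here
        if len(parts) >= 2:
            seen.setdefault(parts[0].lower(), parts[1].lower())  # first value wins
    findings = set()
    if seen.get("permitrootlogin") != "no":  # strict: only an explicit "no" passes
        findings.add("root_login")
    if seen.get("passwordauthentication") != "no":  # unset means enabled
        findings.add("password_auth")
    return findings

USER_SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")

def audit_sudoers(text):
    """Return non-root users/groups whose rule grants every command."""
    broad = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line.split()[0]:
            continue
        m = USER_SPEC.match(line)
        if not m or m.group(1) == "root":
            continue
        # Drop tags such as NOPASSWD: before comparing each command to ALL.
        cmds = [re.sub(r"^(?:[A-Z]+:\s*)+", "", c.strip()) for c in m.group(2).split(",")]
        if "ALL" in cmds:
            broad.append(m.group(1))
    return broad

def password_to_root(sshd_text, sudoers_text):
    """True when a remotely guessable password alone can lead to a root shell."""
    ssh = audit_sshd(sshd_text)
    return "password_auth" in ssh and ("root_login" in ssh or bool(audit_sudoers(sudoers_text)))

if __name__ == "__main__":
    print(password_to_root(SSHD_OPEN, SUDOERS_BROAD))
    print(password_to_root(SSHD_LOCKED, SUDOERS_SCOPED))
```

Forbidding root login alone does not clear the check: with password authentication still on, a `%admin ALL=(ALL) ALL` rule keeps `password_to_root` true.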