Another reason *to* use sudo?
Ben Edwards
funkytwig at gmail.com
Mon Nov 22 16:12:04 UTC 2004
On Mon, 22 Nov 2004 13:48:01 +0000 (GMT), Paul Sladen
<sounder at paul.sladen.org> wrote:
> On Mon, 22 Nov 2004, Ben Edwards wrote:
>
> Hello Ben,
>
> > We were trying to decide whether to enable root on the Ubuntu PCs we
> > have been setting up at a community center
>
> I strongly recommend you do not.
>
> > If you ssh into a box the password of the initial account you log in is
> > _not_ encrypted
>
> This is untrue. SSH stands for 'Secure SHell'. OpenSSH is developed by the
> OpenBSD team and ensures end-to-end crypto of everything---passwords most
> importantly.
>
> The first time you SSH login to a new machine you'll be asked to confirm the
> 'fingerprint' of the machine at the other end. This is to make sure you are
> talking to the machine you expect and not to somebody pretending to be that
> server.
>
> > your password could be snifed
>
> Only if you're using unencrypted Telnet, FTP or POP3. You must be nuts if
> you do that.
>
> > I should also mention that the good thing about sudo which is not on
> > the RootSudo page is that you can selectively give people access to
> > various aspects of roots privileges
>
> Given that you yourself are talking about the merits of using 'sudo', why
> are you questioning your own decision and considering changing the
> out-of-the-box configuration to something you are less sure about?
"We were trying to decide" was how my email started - i.e. we have not
yet made a desision. There have been various discusions about sudo
both before and after I put the first version of the
http://wiki.ubuntu.com/RootSudo. One thing that everybody (exept you)
else concedes (in threads I have read here whitch are most) is that it
is by all means a cut and dry desision. There are pros and cons and
it depends on the enviroment you are in. We are using LDAP/NFS
'/home' / Terminal Servers) and all these element have an impact into
the decision. Anyway the basic stuff is laid out at
http://wiki.ubuntu.com/RootSudo.
Ben
>
> -Paul
> --
> Is there no safe way to travel? Nottingham, GB
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
--
Ben Edwards - Poole, UK, England
WARNING:This email contained partisan views - dont ever accuse me of
using the veneer of objectivity
If you have a problem emailing me use
http://www.gurtlush.org.uk/profiles.php?uid=4
(email address this email is sent from may be defunct)
More information about the ubuntu-users
mailing list