
Re: [cobalt-security] SFTP on Raq4 as Root?



> Carrie wrote:
> > Quite literally, you have to be INSANE to allow root to login
> > directly in any manner whatsoever. Be it ftp, telnet, SSH - there is
> > no reason why you should allow this.
> Well Carrie.... yes and no....  if Mr. BadGuy gets in and types something
> like....
> "rm /bin/su" then you might find yourself locked out of your own box..

To be honest, if "Mr BadGuy" has root privilege on your box, that's the
least of your worries! Given that Carrie is following industry best practice
on this issue, I really don't think the advantages to the
administrator having remote root login outweigh the advantages to a
potential intruder.

Why do you think Raqs have this two-level admin user setup? Why do you think
that packages that think "security first", like OpenBSD or software such as
OpenSSH, have disabled this by default in newer versions, and advise against
it? Because it's a risk. It's a more secure and more accountable solution to
only allow remote login on unprivileged accounts, then su to root from there
as it narrows the path of attack to the system, requiring more than one
password breach, and you also have a bit more clue as to who just logged in
as root.

In answer to the "deleting su" point, if someone can delete your copy of su,
they can most likely also change your root password, locking you out of your
own box anyway. Whether you permit remote root login or not is beside the
point at this stage. Both of these problems can be fixed by local access to
the machine. If you don't have this, then you have a problem, whatever
happens.

> I recently took advantage of [remote root logins] in the process of
> cleaning up a box and kicking "them" out. very very helpful!

Also helpful to them getting in in the first place. And since you're so
happy logging in as root, let's hope they didn't install a trojan sshd. Of
course they could always install a trojan su. It's all grist to the mill
really.
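A way to check whether a box actually follows the "unprivileged login, then su" practice argued for above, as an added example that is not from this thread, from Cobalt or from OpenSSH itself: the script resolves the effective global PermitRootLogin value of an sshd_config the way sshd does (keywords are case-insensitive, "Keyword=value" is accepted, and the first occurrence of a keyword wins), then classifies it. Match blocks are conditional and are skipped, Include directives are not followed, and the sample config is constructed; these are simplifying assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original thread. Resolves and classifies the
# global PermitRootLogin setting of an sshd_config file.

effective_permit_root_login() {
    # $1: path to an sshd_config. Prints the effective value, or "unset".
    awk '
        { gsub(/=/, " ") }                          # allow "Keyword=value" spelling
        /^[[:space:]]*(#|$)/ { next }               # comments and blank lines
        tolower($1) == "match" { in_match = 1; next }  # Match blocks are conditional
        in_match { next }                           # (assumption: ignored here)
        tolower($1) == "permitrootlogin" && !seen { print tolower($2); seen = 1 }
        END { if (!seen) print "unset" }
    ' "$1"
}

classify_root_login() {
    # $1: a PermitRootLogin value as printed by effective_permit_root_login.
    case "$1" in
        no)                  echo "compliant" ;;        # no direct root login at all
        prohibit-password|without-password|forced-commands-only)
                             echo "key-only" ;;         # root still reachable with a key
        yes)                 echo "password-and-key" ;; # direct root login fully open
        unset)               echo "version-default" ;; # "yes" before OpenSSH 7.0,
                                                        # "prohibit-password" since
        *)                   echo "unknown" ;;
    esac
}

audit_sshd_config() {
    # $1: path to an sshd_config. Prints the classification of its effective value.
    classify_root_login "$(effective_permit_root_login "$1")"
}

# Constructed sample file (not a real system's config): the commented line, the
# second "yes" and the Match-block "yes" are all ignored, so the answer is "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
# PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
EOF
printf 'PermitRootLogin %s -> %s\n' "$(effective_permit_root_login "$sample")" \
    "$(audit_sshd_config "$sample")"
rm -f "$sample"
```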