Is this list high volume

David A. Bandel david.bandel at gmail.com
Tue Feb 9 11:02:00 PST 2016


Matt,

You do realize you can ssh in as any user (including root) if they don't
have a password, all they need is a shell of some sort.  I have all my
systems PermitRootLogin without-password to prevent password logins as root
-- keys only (and I use ed25519, none of the unsecure NIST crap -- see
http://safecurves.cr.yp.to/index.html).

sudo serves a purpose.  Just not much of one for me.

David-

On Thu, Feb 4, 2016 at 11:54 AM, Matthew Carpenter via Linux-users <
linux-users at linux-sxs.org> wrote:

> Actually, as a security professional, I've found it very helpful in many
> cases.
> First of all, the rest of the code is being written such that it has to
> support sudo or some gui-equiv (gui apps, X, etc).  Being able to maintain
> a separation of root password from users with sudo access is also helpful.
> sudo allows me to provide some capabilities without granting root to anyone
> needing to do specialized things.
> btw, you can still use root.  :)  just set a password for root and ssh
> in.  If you want a GUI for root, enable root as a GUI login identity.  If
> you're in an environment large enough that more than just you need access
> to the root account, good luck.  Accountability and logging are key.
>
> But that's my soap-box.  I don't have a problem with sudo being the new
> root.  I've found that not allowing root logins has been a significant
> value against attacks.  Not that I can keep 0-days from pwning my machine,
> but I can make the cost of gaining root on them that much greater... and
> have more likelihood of identifying the compromise, if I'm looking.
>
> $0x02,
> Matt
> --
>
>
> On Thursday, February 04, 2016 12:39:44 PM Leon Goldstein via Linux-users
> wrote:
> > Wow!  Great to hear from you again, David.  BTW I still have my copy of
> > /Using Caldera Open Linux/ you coauthored.
> >
> > Is it just me, or does anyone else find having to use sudo, instead of
> > logging in as root user, a PITA?
> >
> >
> > On 02/04/2016 12:29 PM, David A. Bandel via Linux-users wrote:
> > > /me waves
> > >
> > > Still lurking.  $DAYJOB is running a university CS department servers
> > > and Linux workstations, and physics, math, civil engineering
> > > department servers as well -- never a dull moment.  RHEL7, Ubuntu,
> > > Scientific Linux, Mint, more.
> > >
> > > David-
> > >
> > > On Mon, Feb 1, 2016 at 3:58 PM, John C. Voigt via Linux-users
> > > <linux-users at linux-sxs.org> wrote:
> > >
> > >     On 02/01/2016 03:13 AM, James McDonald via Linux-users wrote:
> > >
> > >     > Hi All,
> > >
> > >     <snip>
> > >
> > >     > Just kidding. I remember when I joined around '99 it was rather
> > >     > busy. Now I'm not sure if we see a mail every 6 months.
> > >
> > >     Been along for the ride since the Caldera days. The list, in its
> > >     various incarnations, has always been a good source for quality
> > >     information from very knowledgeable people.
> > >
> > >     > Anywho. Hi to all the lurkers!
> > >
> > >     /me ;-)
> > >
> > >     > PS. Running CentOS on web. Latest Fedora and Ubuntu in VMWare
> > >     > Fusion and a MacBook Pro as my computing metal
> > >
> > >     Opensuse here mostly, but checking out a few other distros from
> > >     time to time. Don't like the systemd stuff much, but I guess it's
> > >     what is now.
> > >
> > >     > PPS. Discovered docker love it and hate it at the same time.
> > >
> > >     Not delved there yet, looks interesting though.
> > >
> > >     L8R,
> > >
> > >     JV
> > >     --
> > >     _/- John Voigt - K9GBO - Registered Linux User #38558
> > >     _/- System Administrator - Valley Technology
> > >     _/- jcvoigt at gmail.com - Terre Haute, IN
> > >
> > >     Experience varies directly with equipment ruined.
> > >     _______________________________________________
> > >     Linux-users mailing list
> > >     Linux-users at linux-sxs.org
> > >     http://mailman.celestial.com/mailman/listinfo/linux-users



-- 
Two things are infinite: the universe and human stupidity; and I'm not sure
about the universe. -- Albert Einstein
Visit my web page at: http://david.bandel.us/