Timeline for Is it safer to ssh as a privileged user than to ssh and sudo?
Current License: CC BY-SA 3.0
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Dec 2, 2015 at 7:05 | comment | added | R.. GitHub STOP HELPING ICE | @LieRyan: There's no reason you can't configure sshd to behave like sudo with forced commands and logging. The privilege model is much more sound and the attack surface is much smaller. | |
| Dec 2, 2015 at 0:23 | comment | added | Lie Ryan | @R.: not having an audit log of all the command run with root privilege is also a significant risk. Also, a properly configured server can have fine grained sudoers privilege rather than giving every sysadmins all privileges. | |
| Dec 1, 2015 at 17:03 | comment | added | R.. GitHub STOP HELPING ICE | This setup makes sense when password logins are allowed, but a properly configured server does not allow ssh password login at all, only public key. In that case, having sudo (a suid-root binary) installed, much less using it, is a significant additional risk. | |
| Dec 1, 2015 at 12:29 | comment | added | tarleb | Thanks for the feedback. I may have worded my question poorly: I am less interested in why sudoing is considered a best practice, but was wondering if the mentioned paper should be counted as an argument against that practice. | |
| Dec 1, 2015 at 11:58 | history | answered | Philipp | CC BY-SA 3.0 |