User Registration
Customer Login

Knowledgebase

Portal Home > Knowledgebase > Articles Database > root vs su root ?


root vs su root ?




Posted by olddocks, 07-09-2008, 09:28 AM
what is difference working as root and su root in SSH. ? Many recommend disabling logging as root, but lot many commands ( service, adduser, ifconfig and ...) are not working on the commandline under when logged as su. i feel like my hands are tied working as su root and many commands are not available. why is it like that? is there any way i can feel comfortable logging as su similar like root login.
Posted by zuborg, 07-09-2008, 09:49 AM
If you enable direct root login via ssh ("PermitRootLogin yes" in /etc/ssh/sshd_config) then you make possible to remotely bruteforce root password, which sometimes can be complete unnoticed. By forcing 'su' need to became root, you force first to bruteforce password to ordinary user and then to bruteforce root password locally on server, which makes securety somewhat stronger.
Posted by foobic, 07-09-2008, 09:52 AM
su - Hint: your commands aren't working because when you su you still have the unprivileged user's environment, including the path which doesn't include /usr/sbin and the like.
Posted by zuborg, 07-09-2008, 09:56 AM
foobic mean that you should use 'su -' command to become root instead of 'su'
Posted by Gary Brahmi, 07-09-2008, 09:57 AM
The only difference is that you will be logging in using some sort of user and then run the su command to get the root privileges. Once you have done that, there should not be any issues running any command that requires root privileges. I personally feel that rather than disabling the root login via ssh, the better option is to change the port from the default 22 to something different which can even prevent any bruteforce attack to the ssh.
Posted by JRSEOMarketing, 07-09-2008, 03:56 PM
The servers I have I do the following: 1. SSH on different port 2. Edit /etc/hosts.deny ( ALL: ALL ) 3. Edit /etc/hosts.allow - Only IPs I trust 4. Edit ("PermitRootLogin no" in /etc/ssh/sshd_config) 5. Install BFD 6. Run Sudo so I have to re-think before I do something stupid lol


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Stuck on installing Godaddy SSL (Views: 624)
Port Control on Cisco Catalyst Switches (Views: 648)
My host company is blocking my users IP's, now members cant access my site. (Views: 899)
beachcomber server downtime (Views: 693)
Need help with storage solution, Raid, Front-end servers/ Coraid? (Views: 605)

Language:

Our Services

Client Menu

Legal

+1 512-782-9732

Find any answers
you need...



  • PCI Secure
  • Verefied by VISA
  • MasterCard SecureCode

    • Terms of Service | Privacy Policy | FAQs | Affiliates | Email
    Copyright © 2015 BraginHos / CHS Gateway inc. - All Rights Reserved.
    Our address: CHS GATEWAY INC c/o Regus Offices, 2598 E. Sunrise Blvd Ste 2104, Fort Lauderdale, Florida 33304, contact phone number: (+1) 512-782-9732, email: support@chsgatewayinc.com