SSH as a sudo replacement
SSH as a sudo replacement
16 comments
-
......I feel like openssh has a much larger attack surface than a simple binary.
If you're going to this extent already, you may as well jump on the run0 approach systemd is introducing.
oh no, I can hear rumbling
-
…I feel like openssh has a much larger attack surface than a simple binary.
Right. This is just trading one set of security pitfalls with a second, much worse set of security pitfalls.
-
alias run0=sudo(not really; I'd rather not introduce an alias or any sort of symbolic behaviour that would teach me to expect that systemd crap is available on a system. The less you rely on it, the better)
-
-
Seems novel. But from a security aspect, if OpenSSH has security vulnerability that allows an unauthenticated user to login, via whatever means, once you are in the system as a non-privileged user, you are now free to use the same vulnerability to get root.
Basically this exercise is like using two locks that have the same key to open them. If the same key opens them, then a weakness in one, is now a weakness in the other so why bother with two identical locks?
16 comments