# SSH login security?

## triwebb1

How secure is the SSH login?  My Dad is saying that it is more secure to log in as a regular user, then su to root, than it is to just log in as root.  I don't think he is right.  Isn't it just as easy to capture the keys sent after the su command is issued as it is to capture the login/password?

----------

## fourhead

as far as i know, ssh encrypts the data stream. so all data you send to the remote machine after you've logged in should be very hard to 'spy out'. i suggest you try ssh with pgp login. i never tried it myself, but it shouldn't be so hard to set up. with pgp login, you actually never send a username or password over the network (neither unencrypted nor encrypted), so this is probably the most secure way to login to a remote machine. of course, you need a pgp key for that, but pgp keys are really easy to create with gpg and/or kgpg (a kde frontend). before doing that, you _really_ should carefully read some documentation/explanation of pgp.

tom

----------

## bmph8ter

I've always kinda wanted to try the keys listed above, but never have.  I personally ssh as a normal user and then su to root.  This way I can completely disable remote root logins.  My reasoning is then an attacker will have to get 2 passwords (normal user and root) to do any real damage.  I know they could probably install a keylogger as a normal user, but maybe they couldn't get the root password and trash the box before I figured it out.

----------

## fourhead

yeah, that's definitely true. i think it applies _anywhere_ that it is preferable - from a security point of view - to do something as a normal user and only su/sudo when _really_ necessary.

tom

----------

## triwebb1

Ok, thanks for the info, but I wasn't asking about how to secure a login.  I just want to know if the username/password is encrypted the same way that the data is encrypted with your standard ssh.  I am reasonably sure it is, but not positive.  I used Ethereal to capture an ssh login, and I don't see anything pertaining to the username/password, besides exchange of keys, but it's all encrypted.

----------

## Chris W

SSH never sends the passphrase, encrypted or otherwise.

The passphrase is used by SSH clients to decrypt the local file containing the private part of a public key pair (~user/.ssh/id_rsa).  The server (hopefully) has the public half of the pair stored in ~user/.ssh/authorized_keys.  The client encrypts a message with the private key and this is only decryptable using the matching public key.  The server decrypts the message with its public key and continues, or fails to decrypt and rejects, the login.  Since only the real user could have the private key, the server can be sure of who you are (a similar exchange satisfies the client that the server is the real server).  Using these public key pairs the server and client establish a secret number used as the key for a faster cipher used on the bulk traffic connection.  Once established, all data flow is encrypted using the symmetric cipher (AES etc.), so if you use a password for the su command the password is protected in transit across the network.

So, connection establishment is performed using public key cryptography while bulk transfer is performed using a symmetric cipher.

----------

## jhmartin

I just want to clarify the last post; SSH can do both password and 'key-based' authentication. W/o any special setup it'll do key-based auth, where it sends the key encrypted to the server's public key.  It does not transit cleartext.

Key-based authentication is used if the authorized_keys file exists and the client proposes a list of possible keys.

----------

## triwebb1

So, without using keys, is it easier to crack the authentication encryption or the general traffic encryption?  Nobody has really answered my question.  Using a standard ssh install, is it any more secure to login as a user and su to root than it is to login as root?

----------

## GentooBox

*triwebb1 wrote:*

> So, without using keys, is it easier to crack the authentication encryption or the general traffic encryption?  Nobody has really answered my question.  Using a standard ssh install, is it any more secure to login as a user and su to root than it is to login as root?

You should always disable root login in sshd_config.

it's a really bad idea to allow root login from remote terminals.

if i got some fancy password cracker that retries all the time, then i could login as root if i wanted to.

once inside as root, then you are doomed.

if you only allow normal user login, then the attacker has to login, then install a password cracker, then use it. that is more difficult than just cracking your root account.

so, it's more secure logging in as a normal user than as root. - root should be disabled.
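One way to verify the sshd_config advice above, as an added example that is not part of the thread: a small POSIX sh/awk script that reports the effective PermitRootLogin value and shows a weak sample config beside a hardened one. sshd takes the first occurrence of a keyword, so a hardening line appended below an older "yes" line changes nothing; the sample configs are constructed, and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): report the effective PermitRootLogin
# value of an sshd_config. sshd uses the FIRST occurrence of a keyword, so a
# "no" appended below an existing "yes" is silently ignored.
# Simplification: Match blocks are not evaluated.

# Constructed sample: looks hardened at the bottom, but the first line wins.
WEAK_CONFIG='# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
# appended later, silently ignored by sshd:
PermitRootLogin no
'

# Constructed sample: root login off, logins limited to named accounts.
HARDENED_CONFIG='# sshd_config (constructed sample)
Port 22
PermitRootLogin no
AllowUsers alice bob
'

# Print the first PermitRootLogin value found in the config text $1, or
# "unset" if the keyword is absent. Keywords are case-insensitive and may
# be written as "key value" or "key=value".
permit_root_login() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        /^[ \t]*$/ { next }                 # skip blank lines
        {
            sub(/^[ \t]+/, "")
            split($0, f, /[ \t=]+/)
            if (tolower(f[1]) == "permitrootlogin") {
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "unset" }'
}

# Return 0 (success) only when root login over SSH is fully disabled.
root_login_blocked() {
    [ "$(permit_root_login "$1" | tr 'A-Z' 'a-z')" = "no" ]
}

# Report both samples when run directly.
printf 'weak:     PermitRootLogin %s\n' "$(permit_root_login "$WEAK_CONFIG")"
printf 'hardened: PermitRootLogin %s\n' "$(permit_root_login "$HARDENED_CONFIG")"
```

Run it against a real file with `permit_root_login "$(cat /etc/ssh/sshd_config)"`, or use `sshd -T` on the host to see every effective value including Match results.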

----------

## pakman

It's more secure to disable root logins directly via ssh.

For the simple reason that you're adding a layer of security (i.e. needing the unprivileged user account) to the root login process.

There is also the flip-side to this: you're vulnerable to trojaned "su" and "sudo" binaries, so take some steps to prevent this, like removing "." from your path for instance, or always running "whereis su" to check it's not outside /bin  :Smile:
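A check along the lines pakman describes, as an added example that is not part of the thread: a POSIX sh script that refuses a PATH containing "." or an empty entry, then confirms that su and sudo resolve into a system directory, are root-owned and are not group- or world-writable. The directory list and the `ls -l` field positions are assumptions for a typical Linux layout.

```shell
#!/bin/sh
# Added example (not from the thread): guard against a trojaned "su"/"sudo"
# being picked up from PATH. Checks: PATH must not search the current
# directory, and the resolved binary must live in a system directory, be
# owned by root, and carry no group or world write bit.

# Return 0 if a PATH-style string contains ".", an empty element, or a
# relative "./" entry; each makes the shell search the current directory.
path_has_cwd() {
    case ":$1:" in
        *:.:*|*::*|*:./*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if a resolved command path is under an assumed system directory
# and contains no ".." component that could escape it.
in_system_dir() {
    case "$1" in
        */../*) return 1 ;;
        /bin/*|/sbin/*|/usr/bin/*|/usr/sbin/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if an "ls -l" mode string ($1) and owner ($2) describe a
# root-owned file with neither group (position 6) nor other (position 9)
# write permission.
mode_is_safe() {
    [ "$2" = "root" ] || return 1
    case "$1" in
        ?????w*|????????w*) return 1 ;;
        *) return 0 ;;
    esac
}

# Check one command by name; print a verdict, return 0 only if all pass.
check_privileged_binary() {
    path_has_cwd "$PATH" && { echo "$1: PATH searches the current directory"; return 1; }
    p=$(command -v "$1") || { echo "$1: not found"; return 1; }
    in_system_dir "$p" || { echo "$1: resolves to $p, outside system dirs"; return 1; }
    set -- "$1" $(ls -ldL "$p")          # $2=mode, $4=owner (assumed ls layout)
    mode_is_safe "$2" "$4" || { echo "$1: $p has mode $2, owner $4"; return 1; }
    echo "$1: $p looks sane"
}

for cmd in su sudo; do
    check_privileged_binary "$cmd" || :
done
```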

----------

## triwebb1

So, the only reason it is more secure to login as user and su is because it takes the attacker more steps to get the root password, right?  And those extra steps aren't that hard, right?  All you have to do is install some kind of keylogger that is running when they put in their su password, and you now have root access, right?

If all of the above is correct, then it is hardly any more secure to login as user and su than it is to login as root.

----------

## avendesora

I don't see how you could install a key-logger if you're not root on the machine. Am I missing something?

----------

## triwebb1

I don't know how you'd do it, but I'm sure it can be done.  All you need to log is the same user's keystrokes that are the password being entered after the "su" command.

----------

## teknomage1

triwebb1 said:

> If all of the above is correct, then it is hardly any more secure to login as user and su than it is to login as root.

Isn't that like saying, "let's disable passwords entirely because they can be disabled"? I mean sure the uber-hacker can always chop through any defense if he wants it bad enough but the more hoops you make him jump through, the less likely it is that he wants your machine enough to keep jumping.

----------

## 2young2die

It shouldn't really be a problem to login directly as root with SSH.

Because when the connection is going up, the server sends you his public key (RSA, asymmetric). After that a random symmetric key is generated (AES, 3DES) and will be encrypted with the public key of the server. The server decrypts that encrypted symmetric key with his private key, so that both have the same symmetric key. The rest of the data will be sent with symmetric encryption, which should be very secure, because the key has been encrypted with asymmetric encryption. They use both techniques because encryption and decryption with asymmetric keys takes much longer than with symmetric keys.

this is the short version  :Smile:  there's also something to explain for certificates, but i am lazy  :Smile:

----------

## Chris W

*triwebb1 wrote:*

> So, without using keys, is it easier to crack the authentication encryption or the general traffic encryption?  Nobody has really answered my question.  Using a standard ssh install, is it any more secure to login as a user and su to root than it is to login as root?

The symmetric encryption is probably easier to break but this is really splitting hairs since neither the symmetric nor the public key ciphers is easy to break if used properly.  Yes, an attacker could retrieve a root password by brute-force cracking the symmetric cipher but the time taken to do this is likely to be substantially longer than the time between changes of said password.

----------

## indros

Generally speaking this used to be more common in older days, especially when using telnet, and sniffing was more prevalent.

The reason for doing as your father suggests is that most password sniffers would capture only so many bytes of a session... not the entire session. So, while conceivably someone might compromise a local user account, it would make it more difficult to get root access, because you would have already used up the logger's space, and you would be able to log in as root.

----------

## 2young2die

*Quote:*

> The symmetric encryption is probably easier to break but this is really splitting hairs since neither the symmetric nor the public key ciphers is easy to break if used properly.  Yes, an attacker could retrieve a root password by brute-force cracking the symmetric cipher but the time taken to do this is likely to be substantially longer than the time between changes of said password.

Yeah but both sides need the symmetric key. Only secure way of data transfer would be to send the symmetric key by snailmail or something  :Smile: 

----------

## BlinkEye

*triwebb1 wrote:*

> So, the only reason it is more secure to login as user and su is because it takes the attacker more steps to get the root password, right?  And those extra steps aren't that hard, right?  All you have to do is install some kind of keylogger that is running when they put in their su password, and you now have root access, right?
>
> If all of the above is correct, then it is hardly any more secure to login as user and su than it is to login as root.

well, one thing though: if you disable root login via ssh an attacker must first know an existing account which is permitted to login. with root-login enabled you don't have to guess; this is very simple, a root account exists everywhere.

you're right, nobody really answered your question. i think as you do that the transmission of the username and password is encrypted - and if we believe 2young2die (although he's lazy  :Wink: ) we got our proof.

----------

## 2young2die

hey, there have been written whole books about this topic  :Smile:

just to explain my laziness

----------

## BlinkEye

right you are. thanks anyway for sharing your knowledge in spite of your laziness   :Laughing:

----------

## not_registered

The main problem with ssh is if there is a keylogger on the machine you are logging in from (not to).

----------

## 2young2die

a keylogger would catch the su'ing as well though  :Smile:

----------