2

I have a server where I am the only normal user and I need to have password-based authentication enabled for SSH. I have configured iptables with the recent module, which throttles SSH connections, and root logins over SSH are disabled. However, let's say that an intruder is able to brute-force my SSH password. This means that once he has logged in as a normal user he can execute privileged commands using sudo with the same password. Am I correct that in such a scenario it makes sense to configure sudo in a way that it asks for the root password?

Martin

1 Answer

3

Yes, you should.

In a brute force attack against the raw hash, sudo won't help you. However, you should be aware that with other attack methods, sudo is able to offer some protection.

If, for example, an attacker is able to break into your machine with an exploit, he does not know the password, potentially delaying or stopping an attack as the attacker does not have the proper privileges to carry out system commands.

However, sudo should be a last line of defense. Once an attacker is in, they are in. Privilege escalation is a commonly practiced strategy. An experienced attacker should be prepared to escalate privileges.

forest
Gavin Youker
  • So, the answer is: "yes" you should. – MikeP Dec 05 '16 at 18:20
  • @GavinYouker Thanks! However, when I think about it, is there a point in using `sudo` in this scenario in the first place? If I configure `sudo` to use the root password, then I might use `su` instead? – Martin Dec 06 '16 at 09:56
  • You are correct. Since `su` logs you into the root account, you might as well use `su` instead. Let me know if you have any more questions. – Gavin Youker Dec 06 '16 at 10:03
  • @Martin If I have answered your question *correctly* please mark it as the right answer for future viewers, thank you. – Gavin Youker Dec 06 '16 at 10:35
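
As an added example (not part of the question, the answer or the comments): the setting the question asks about is the sudoers `rootpw` flag, which makes sudo prompt for root's password instead of the invoking user's. The check below reports which password a given user would be asked for; the function name, the sample file and the user `martin` are constructed for illustration, and it reads a single file without following includes.

```shell
#!/bin/sh
# Added example, not from the thread. Reports whose password sudo would ask
# USER for, judging only by the rootpw flag in one sudoers-format FILE.
# Assumptions: one Defaults entry per line, includes are not followed, and
# only the global "Defaults" and per-user "Defaults:USER" scopes are read.

sudo_prompt_password() {   # usage: sudo_prompt_password FILE USER
    awk -v user="$2" '
        function scan(line, cur,    n, i, f, flags) {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)   # drop the Defaults word
            sub(/#.*/, "", line)                     # drop a trailing comment
            n = split(line, flags, ",")
            for (i = 1; i <= n; i++) {
                f = flags[i]; gsub(/[ \t]/, "", f)
                if (f == "rootpw")  cur = "root"
                if (f == "!rootpw") cur = "user"
            }
            return cur
        }
        /^[ \t]*#/ { next }                          # comment or #include line
        $1 == "Defaults"         { global = scan($0, global) }
        $1 == ("Defaults:" user) { peruser = scan($0, peruser) }
        END {
            # sudo applies global Defaults first, then per-user ones on top
            if (peruser != "") print peruser
            else if (global != "") print global
            else print "user"                        # rootpw is off by default
        }
    ' "$1"
}

# Constructed sample: a drop-in that turns rootpw on for every user.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/sudoers.d/rootpw (constructed example)
Defaults env_reset, rootpw
martin ALL=(ALL) ALL
EOF
echo "sudo asks martin for the password of: $(sudo_prompt_password "$sample" martin)"
rm -f "$sample"
```

On a real system, edit the drop-in with `visudo -f` so a syntax error cannot lock sudo out.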