Telnet root login
Barney Cordoba
barney_cordoba at yahoo.com
Wed Mar 25 04:25:21 PDT 2009
--- On Wed, 3/25/09, Ruben de Groot <mail25 at bzerk.org> wrote:
> From: Ruben de Groot <mail25 at bzerk.org>
> Subject: Re: Telnet root login
> To: "Chuck Robey" <chuckr at telenix.org>
> Cc: barney_cordoba at yahoo.com, current at freebsd.org
> Date: Wednesday, March 25, 2009, 5:53 AM
> On Tue, Mar 24, 2009 at 08:56:28PM -0400, Chuck Robey typed:
> >
> > Barney Cordoba wrote:
> > > How do you enable root telnet access in current? I remember having some
> > > issue with specifying pty/0 in ttys years ago in linux but the right
> > > way to do it escapes me.
> >
> > I really wouldn't do that. If you have to get external root access, use ssh,
> > but if you haven't been broken into yourself, it's FAR more likely that you just
> > haven't seen it, than it hasn't happened. You don't want to allow folks into
> > your machine, there isn't any such thing as honor among those folks.
>
> Sound advice, but not an answer to his question.
> Barney, you have to make the network pseudo ttys secure,
> like:
>
> ttyp0 none network secure
>
> Ruben

Yes, the "it's not a good idea" is dependent on whatever other
security you have in place. Having to log in twice to a test
machine on a secure internal network is an unnecessary annoyance.
The concept that every FreeBSD box in existence is publicly accessible
is one of those ASSumptions that people should leave at the door.

Ruben, the method you cite no longer works in -current as they've
changed things once again (which happens way too often when your CEOs
are a bunch of bearded academics :)

I'm not sure if it's the pty (the login terminal shows as pty/0 and
no longer ttyp0), or if it's some PAM thing. It's rather annoying.
Such things as

pty/0 none network secure
pty0 none network secure

equally don't work. And I see no mention in any document as to how it
would be achieved with the current
Barney
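
An added example, not part of the thread: a small audit that parses ttys(5)-format text and lists the network entries carrying the `secure` flag discussed above, which is the flag that permits uid 0 logins on a line. The function name and the sample file contents are constructed for illustration; a line is treated as a network line when `network` appears in the type field or among the flags.

```python
import shlex

# Constructed sample in ttys(5) format; not taken from a real system.
SAMPLE_TTYS = '''\
# name  getty                     type     status
console none                      unknown  off secure
ttyv0   "/usr/libexec/getty Pc"   cons25   on  secure
ttyp0   none                      network  secure
ttyp1   none                      network
ttyp2   none                      network  off insecure
'''


def root_capable_network_ttys(text):
    """Return the names of network entries flagged 'secure'."""
    hits = []
    for line in text.splitlines():
        # shlex keeps a quoted getty command as one field and drops '#' comments.
        fields = shlex.split(line, comments=True)
        if len(fields) < 3:
            continue  # blank line, comment, or incomplete entry
        name, _command, term_type, *flags = fields
        is_network = term_type == "network" or "network" in flags
        # Exact token match, so 'insecure' is not mistaken for 'secure'.
        if is_network and "secure" in flags:
            hits.append(name)
    return hits


if __name__ == "__main__":
    for name in root_capable_network_ttys(SAMPLE_TTYS):
        print(f"{name}: network line marked secure")
```

To check a real host, pass the contents of `/etc/ttys` to the function instead of the sample; an empty result means no network line is marked secure in that file.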