Telnet root login
chuckr at telenix.org
Wed Mar 25 16:45:19 PDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Julian Elischer wrote:
> Ian FREISLICH wrote:
>> Barney Cordoba wrote:
>>>> Barney, you have to make the network pseudo ttys secure,
>>>> ttyp0 none network secure
>>> Yes, the "its not a good idea" is dependent on whatever other
>>> security you have in place. Having to log in twice to a test
>>> machine on a secure internal network is an unnecessary annoyance.
>>> The concept that every FreeBSD box in existence is publically accessible
>>> is one of those ASSumptions that people should leave at the door.
>>> Ruben, the method you cite no longer works in -current as they've
>>> changed things once again (which happens way too often when your CEOs
>>> are a bunch of bearded academics :)
>>> I'm not sure if its the pty (the login terminal shows as pty/0 and no
>>> longer ttyp0), or if its some PAM thing. Its rather annoying.
>>> Such things as
>>> pty/0 none network secure
>>> pty0 none network secure
>>> equally don't work. And I see no mention in any document as to how it
>>> would be achieved with the current
>> Then use ssh and set "PermitRootLogin yes" in /etc/ssh/sshd_config
> this doesn't work if you are usinf a set of machines run from a central
> machine using nc (netcat) to do scripted i/o through a telnet session on
> the other machines (for example).
> The advantage of telnet is you can pipe nc straight into it.
Julian, I don't know nc, but can't you stick keys in your ~/.ssh, then use ssh
the same way? Doing without passwords, but keeping your security, inside nc? I
think, at minimum, you could use ssh forwarding, but doesn't nc allow this
directly? I just hate the idea of killing all the security, and hadn't yet seen
any (even wildly unlikely) scenario that needs you to do that.
I begin to suspect that there might be a whole lot of folks who aren't aware of
how to use ssh to eliminate passwords. Security writeups are always too
complicated, that's a truism.
>> Ian Freislich
>> freebsd-current at freebsd.org mailing list
>> To unsubscribe, send any mail to
>> "freebsd-current-unsubscribe at freebsd.org"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the freebsd-current