Telnet root login

Chuck Robey chuckr at
Wed Mar 25 16:45:19 PDT 2009

Hash: SHA1

Julian Elischer wrote:
> Ian FREISLICH wrote:
>> Barney Cordoba wrote:
>>>> Barney, you have to make the network pseudo ttys secure,
>>>> like:
>>>> ttyp0   none    network    secure
>>>> Ruben
>>> Yes, the "its not a good idea" is dependent on whatever other
>>> security you have in place. Having to log in twice to a test
>>> machine on a secure internal network is an unnecessary annoyance.
>>> The concept that every FreeBSD box in existence is publically accessible
>>> is one of those ASSumptions that people should leave at the door.
>>> Ruben, the method you cite no longer works in -current as they've
>>> changed things once again (which happens way too often when your CEOs
>>> are a bunch of bearded academics :)
>>> I'm not sure if its the pty (the login terminal shows as pty/0 and no
>>> longer ttyp0), or if its some PAM thing. Its rather annoying.
>>> Such things as
>>> pty/0 none network secure
>>> pty0 none network secure
>>> equally don't work. And I see no mention in any document as to how it
>>> would be achieved with the current
>> Then use ssh and set "PermitRootLogin yes" in /etc/ssh/sshd_config
> this doesn't work if you are usinf a set of machines run from a central
> machine using nc (netcat) to do scripted i/o through a telnet session on
> the other machines (for example).
> The advantage of telnet is you can pipe nc straight into it.

Julian, I don't know nc, but can't you stick keys in your ~/.ssh, then use ssh
the same way?  Doing without passwords, but keeping your security, inside nc?  I
think, at minimum, you could use ssh forwarding, but doesn't nc allow this
directly?  I just hate the idea of killing all the security, and hadn't yet seen
any (even wildly unlikely) scenario that needs you to do that.

I begin to suspect that there might be a whole lot of folks who aren't aware of
how to use ssh to eliminate passwords.  Security writeups are always too
complicated, that's a truism.

>> Ian
>> -- 
>> Ian Freislich
>> _______________________________________________
>> freebsd-current at mailing list
>> To unsubscribe, send any mail to
>> "freebsd-current-unsubscribe at"

Version: GnuPG v1.4.9 (FreeBSD)
Comment: Using GnuPG with Mozilla -


More information about the freebsd-current mailing list