root login with telnetd
Sergio Lenzi
lenzi at k1.com.br
Sun Mar 11 14:09:57 UTC 2007
Hello...
I see your issues about telnet...
I have used inetd+telnet for more than 20 years, using BSD
with RSA, and obviously with a good password.
I have never been cracked...
and I have 10 of my /etc/ttys entries set to "secure"
ttyp0 none network off secure
ttyp1 none network off secure
ttyp2 none network off secure
ttyp3 none network off secure
ttyp4 none network off secure
ttyp5 none network off secure
ttyp6 none network off secure
ttyp7 none network off secure
ttyp8 none network off secure
ttyp9 none network off secure
ttypa none network off secure
ttypb none network off secure
ttypc none network off secure
in my /etc/master.passwd.....
root:*:0:0::0:0:Charlie &:/root:/bin/csh
a "kill -1 1" would allow root to dial in
I block the root account in /etc/master.passwd by putting a "*" as the md5 hash
and set up a "super" account.....
pw adduser xxxxxxxxx -d /root -s /usr/local/bin/bash -u 0 -g 0 -h 0
Then it is done...
All the cracking I have seen is from someone that is INSIDE the machine
(http using php, pop, imap, ssh,...), that is, you have already allowed him to
come in,
you gave them the password (in the case of ssh), or in http...
A "normal" FreeBSD 6.2 or an OpenBSD is incredibly solid...
You must know the "superuser" login AND the password....
choose a password with letters and numbers, or something in
portuguese (only 7 countries speak that): biruta22, pezinho12,
45pinheiiros,
tovazioagora, batatinha744, 45canastra96.....
I tested in a security system and it says it has good security...
(pgp)...
Besides.. using brute force on a word like "itacolomi" with a 1 second
delay
would result in... "forever"
Besides, BSD has the ability to force a new password once it is too
old...
a new password every 3 months is a good choice.... and you must still
pass through RSA.
Thanks for sharing the experience... now I know I am not the only one that
uses "telnet"
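
Added example, not part of the original message: a small Python check that reads the text of /etc/ttys and /etc/master.passwd and reports the setup the message describes, that is, network terminals flagged "secure" together with a UID 0 account whose password field is not starred out. The sample file contents and the account names opsalias and alice are constructed for illustration.

```python
import shlex

# Constructed sample files, modelled on the entries quoted in the message.
SAMPLE_TTYS = '''\
# name  getty                      type     status
ttyv0   "/usr/libexec/getty Pc"    cons25   on  secure
ttyp0   none                       network  off secure
ttyp1   none                       network  off secure
ttyp2   none                       network
'''
SAMPLE_MASTER_PASSWD = '''\
root:*:0:0::0:0:Charlie &:/root:/bin/csh
opsalias:$1$CONSTRUCTED$placeholderhash:0:0::0:0:alias:/root:/usr/local/bin/bash
alice:$1$CONSTRUCTED$placeholderhash:1001:1001::0:0:Alice:/home/alice:/bin/sh
'''


def secure_network_ttys(ttys_text):
    """Names of 'network' terminals (telnet ptys) carrying the 'secure' flag."""
    names = []
    for line in ttys_text.splitlines():
        fields = shlex.split(line, comments=True)  # handles quoted getty, '#'
        if len(fields) >= 4 and fields[2] == "network" and "secure" in fields[3:]:
            names.append(fields[0])
    return names


def uid0_password_accounts(passwd_text):
    """Accounts with UID 0 whose password field is not starred out."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 10 and fields[2] == "0" and not fields[1].startswith("*"):
            names.append(fields[0])
    return names


def audit(ttys_text, passwd_text):
    """Report which UID 0 accounts can log in on which network terminals."""
    ttys = secure_network_ttys(ttys_text)
    accounts = uid0_password_accounts(passwd_text)
    if ttys and accounts:
        return [f"UID 0 account '{a}' may log in over the network on: "
                f"{', '.join(ttys)}" for a in accounts]
    return []


if __name__ == "__main__":
    for finding in audit(SAMPLE_TTYS, SAMPLE_MASTER_PASSWD):
        print(finding)
```
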
More information about the freebsd-questions mailing list