From owner-freebsd-questions@FreeBSD.ORG Sun Mar 11 10:52:51 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7A90E16A400 for ; Sun, 11 Mar 2007 10:52:50 +0000 (UTC) (envelope-from howie@thingy.com) Received: from mail.thingy.com (wotsit.thingy.com [212.21.100.67]) by mx1.freebsd.org (Postfix) with ESMTP id D00F813C441 for ; Sun, 11 Mar 2007 10:52:49 +0000 (UTC) (envelope-from howie@thingy.com) Received: (qmail 22409 invoked by uid 0); 11 Mar 2007 10:52:47 +0000 Received: from unknown (HELO ?192.168.1.12?) (howie@thingy.com@212.21.124.49) by wotsit3.thingy.com with AES256-SHA encrypted SMTP; 11 Mar 2007 10:52:47 +0000 Message-ID: <45F3DF87.1090503@thingy.com> Date: Sun, 11 Mar 2007 10:52:55 +0000 From: Howard Jones User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221) MIME-Version: 1.0 To: Wojciech Puchar , freebsd-questions@freebsd.org References: <20070310224946.K10353@chylonia.3miasto.net> <20070311081618.F66000@chylonia.3miasto.net> In-Reply-To: <20070311081618.F66000@chylonia.3miasto.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: [freebsd-questions] root login with telnetd X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2007 10:52:51 -0000 Wojciech Puchar wrote: >> can it be set to make possible to login root to machine through >> telnet and without telneting to some user and then su - >> ? >> >> with sshd and rshd it can be set, with telnetd - no success. >> > once again - can someone answer my question instead of giving very > "intelligent" comments? > _______________________________________________ If I remember correctly, you edit /etc/ttys and set some of your ttyp* (i.e. network ptys) to be 'SECURE'. It really isn't a good idea though. The reason I don't remember is that I haven't done it in about 10 years. If it's a remote program that needs root access, you can probably do something with ssh - you can allow ssh RootLogin, but not with passwords only public key auth, and you can *also* limit the key to be allowed to only connect from certain addresses and only run specific commands (e.g. some backup software works this way). You can have multiple keys with different restrictions even - Host A can run rsync only, and host B can run rdiff-backup only. Howie