From owner-freebsd-questions  Fri Nov  2 16:29:11 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from smtp3.mx.pitdc1.stargate.net (smtp3.mx.pitdc1.stargate.net [206.210.69.143])
	by hub.freebsd.org (Postfix) with SMTP id CB08C37B408
	for <freebsd-questions@freebsd.org>; Fri,  2 Nov 2001 16:29:08 -0800 (PST)
Received: (qmail 19358 invoked from network); 3 Nov 2001 00:28:59 -0000
Received: from unknown (HELO wastegate.net) (209.166.135.125)
  by smtp3.mx.pitdc1.stargate.net with SMTP; 3 Nov 2001 00:28:59 -0000
Received: (qmail 30414 invoked from network); 3 Nov 2001 00:29:02 -0000
Received: from unknown (HELO MOTHER) (192.168.1.2)
  by 192.168.1.1 with SMTP; 3 Nov 2001 00:29:02 -0000
From: "Doug Reynolds" <mav@wastegate.net>
To: "Anthony Atkielski" <anthony@atkielski.com>,
	"FreeBSD Questions" <freebsd-questions@freebsd.org>,
	"Mike Meyer" <mwm@mired.org>
Date: Fri, 02 Nov 2001 19:28:09 -0500
Reply-To: "Doug Reynolds" <mav@wastegate.net>
X-Mailer: PMMail 98 Professional (2.01.1600) For Windows NT (5.0.2195;2)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Re[2]: Tiny starter configuration for FreeBSD
Message-Id: <20011103002908.CB08C37B408@hub.freebsd.org>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Fri, 2 Nov 2001 06:29:27 +0100, Anthony Atkielski wrote:

>Point taken.  In practice, however, administrators tend to drift towards
>"massively insecure" as they try to overcome "massively inadequate."
>
>For example, one change I made to my system was to allow root logins from remote
>terminals.  I'd prefer to limit remote logins to root to my other machine, which
>is on the LAN, but I'm not aware of an option to force that, so I had to open
>root logins to the world.  Thus, in order to obtain needed functionality, I had
>to compromise security far more than I would have liked.
>
>(BTW, if there is a way to restrict the ability to log in as root to remote
>connections from certain IP addresses only, I'd appreciate knowing how to do
>this.)

why dont you just add a user account to the wheel group, so you can su
to root.  I think that is still a lot more secure than logging in as
root from telnet / ssh.

---
doug reynolds | the maverick | mav@wastegate.net



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message