Date:      Sat, 29 Jun 1996 14:40:57 -0400 (EDT)
From:      John Brann <jbrann@panix.com>
To:        mc7953@mclink.it (Marco Masotti)
Cc:        questions@FreeBSD.org (freeq)
Subject:   Re: rlogin as root refused
Message-ID:  <199606291840.OAA03650@jbrann.dialup.access.net>
In-Reply-To: <31D53AD3.41C67EA6@mclink.it> from Marco Masotti at "Jun 29, 96 04:16:51 pm"

Marco Masotti wrote...
> I'm getting problems doing rlogin as root, always when towards FreeBSD
> machines.
> 
> I can do rsh generic commands and rcp, but not rlogin.
> 
> I set a "+" in the ~root/.rhosts file, but this doesn't suffice.
> 
> Also, my /etc/login.access file has only one line:
> 
> 		+:ALL:ALL
> 
> Nevertheless, when doing rsh|rlogin <FreeBSD host>, I get:
> 
> # rsh <FreeBSD host>
> Password:
> root login refused on this terminal.
> login:
> 
> I can successfully do the same operation on behalf of generic users,
> other than root, yet through the same rhosts authorization mechanism.
> Sure, I can then switch root, but I wish to do it straight also.
> 
> Is this behaviour normal due to security issues? In such case it would
> not seem to be documented anywhere.
> 
> PS: the login.access file seems to function properly when accessing
> through a physical tty line, ie. through modems.
> 
> thks
> Marco M.
> 

Yes, this is an _immense_ security hole.  If this machine is connected
to the Internet, it is an open invitation to any malicious person to
rape and pillage your system.  Please don't do it, you'll only encourage
the crackers who enjoy that kind of stuff.

On the other hand... there is another reason for this failure to log in, 
and you can get around it.  The solution is in '/etc/ttys'.  That file lists
all the terminals (real and pseudo) and has a flag 'secure' which indicates
that root access is allowed / disallowed on that terminal.  By default the
network terminals are deemed not to be secure, so 'root' can't use them.
If you really must do network logins as root, add the secure option to
the pseudo terminals, but _please_ remove that suicidal '.rhosts' file.

John


-- 
Beavis and Butt-Head;  Vladimir and Estragon for the '90s.

finger jbrann@panix.com for pgp public key
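
An audit check for the two settings discussed in this message, added here as an example and not part of the original e-mail: it reports network terminals marked 'secure' in /etc/ttys text and wildcard '+' entries in .rhosts text. The sample file contents are constructed, and the check assumes pseudo terminals carry the type 'network' in /etc/ttys.

```python
import shlex

# Constructed sample inputs (not taken from any real system).
SAMPLE_TTYS = '''\
# name  getty                         type     status
console none                          unknown  off secure
ttyv0   "/usr/libexec/getty Pc"       cons25   on  secure
ttyd0   "/usr/libexec/getty std.9600" dialup   on  insecure
ttyp0   none                          network
ttyp1   none                          network  secure
'''

SAMPLE_RHOSTS = '''\
+
trusted.example.org admin
'''


def secure_network_ttys(ttys_text):
    """Return names of network terminals on which root login is allowed."""
    flagged = []
    for line in ttys_text.splitlines():
        # shlex keeps the quoted getty command as one field and drops comments.
        fields = shlex.split(line, comments=True)
        if len(fields) < 3:
            continue
        name, _getty, term_type, *flags = fields
        # Assumption: pseudo terminals are the entries of type 'network'.
        if term_type == "network" and "secure" in flags:
            flagged.append(name)
    return flagged


def wildcard_rhosts_entries(rhosts_text):
    """Return (line number, text) for entries trusting any host or any user."""
    flagged = []
    for lineno, line in enumerate(rhosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # A bare '+' in the host or user position matches everything.
        if "+" in fields[:2]:
            flagged.append((lineno, line.strip()))
    return flagged


if __name__ == "__main__":
    print("root-capable network ttys:", secure_network_ttys(SAMPLE_TTYS))
    print("wildcard .rhosts entries:", wildcard_rhosts_entries(SAMPLE_RHOSTS))
```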


