From owner-freebsd-questions Wed Oct 4 9:10:32 2000 Delivered-To: freebsd-questions@freebsd.org Received: from prime.gushi.org (prime.gushi.org [208.23.118.172]) by hub.freebsd.org (Postfix) with ESMTP id 1A7E037B503 for ; Wed, 4 Oct 2000 09:10:30 -0700 (PDT) Received: from localhost (danm@localhost) by prime.gushi.org (8.9.3/8.9.3) with ESMTP id LAA28720 for ; Wed, 4 Oct 2000 11:57:51 -0400 (EDT) (envelope-from danm@prime.gushi.org) Date: Wed, 4 Oct 2000 11:57:50 -0400 (EDT) From: "Dan Mahoney, System Admin" To: questions@freebsd.org Subject: Securing SU Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG After searching the archives for "su and telnet" and reading about 250 entries on how you can't telnet as root, man ttys for how to change this.... My question is different (thank god)... I was wondering if there was a way to configure su so that it would disallow a user access if they're telnetted in. (but, say, allow them if they have sshed in). Also, I have heard two different approcaches on this: 1. You should star out your root password and force a key-based protocol to be used. If this is the case, how does one su? 2. You should not allow root logins via ssh either. See my confusion? Thanks, Dan Mahoney -- "GO HOME AND COOK!!!" Donielle Cocossa, Taco Bell, 2:30 AM --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Web: http://prime.gushi.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message