From: Wojciech Puchar
To: Howard Jones
Cc: freebsd-questions@freebsd.org
Date: Sun, 11 Mar 2007 12:13:07 +0100 (CET)
Subject: Re: [freebsd-questions] root login with telnetd

>> once again - can someone answer my question instead of giving very
>> "intelligent" comments?

> If I remember correctly, you edit /etc/ttys and set some of your ttyp* (i.e.
> network ptys) to be 'SECURE'. It really isn't a good idea though. The reason

it works. but it is a strange solution, as rshd and sshd can be set up this
way. why can't telnetd?

i tried allow_root in /etc/pam.d/telnetd in every place (like with
/etc/pam/rsh) and it doesn't work.

> something with ssh - you can allow ssh RootLogin, but not with passwords only

yes i already use PermitRootLogin in sshd_config and ssh root login works.
same with rshd by changing /etc/pam.d/rsh

but with telnet it does not.

very funny is reading other people's replies about security, showing that
they simply don't understand how things work.

i don't ask if telnetd can be sniffed, because i know it can. as well as
telnet when logging to non-root user, as well as rsh.

and if there were exploits for telnetd for SunOS or FreeBSD, they
exploited bugs in telnetd, and not guessing root password. so allowing
root login or not doesn't make any difference.

so generalizing that "telnet and rsh is bad" is as stupid as telling that
oxygen is bad as it makes fires.
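
Added example, not part of the original message: the reply quoted above says root login over telnet is enabled by marking ttyp* entries 'SECURE' in /etc/ttys, so an administrator auditing a host can list which pseudo-terminals carry that flag. The pty naming pattern, the function names and the sample input are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): report pseudo-terminals that a
# ttys(5) file flags "secure", i.e. lines where login accepts root directly.
# Assumption: network ptys are named ttyp0..ttySv, as on FreeBSD of that era.

# Reads ttys(5) text from the named file(s), or from stdin when none is given.
audit_ttys() {
    LC_ALL=C awk '
    {
        gsub(/"[^"]*"/, "CMD")   # collapse a quoted getty command to one token
        sub(/#.*/, "")           # drop trailing comments
        if (NF < 4) next         # name, command, type, then optional flags
        if ($1 !~ /^tty[p-sP-S][0-9a-v]$/) next
        for (i = 4; i <= NF; i++)
            if ($i == "secure") { print $1; break }
    }' "$@"
}

# Constructed sample input; not taken from any real host.
sample_ttys() {
    cat <<'EOF'
# name  getty                     type     flags
ttyv0   "/usr/libexec/getty Pc"   cons25   on secure
ttyp0   none                      network
ttyp1   none                      network secure
ttyp2   none                      network off insecure  # not secure
EOF
}

# Demo on the sample; on a real system run: audit_ttys /etc/ttys
sample_ttys | audit_ttys
```

An empty result from `audit_ttys /etc/ttys` means no pty matching the assumed naming pattern is flagged secure; console entries such as ttyv0 are deliberately ignored.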