From: CyberPeasant
Reply-to: djv@bedford.net
To: bendede@startribune.com (Dave Bender)
Cc: questions@FreeBSD.ORG
Subject: Re: remote root access
Date: Sat, 30 May 1998 14:49:52 -0400 (EDT)
Message-Id: <199805301849.OAA18424@lucy.bedford.net>
In-Reply-To: <01BD8BAF.1FA88F40@MANNY> from Dave Bender at "May 30, 98 09:41:26 am"

Dave Bender wrote:
> Is there some default I can change to allow myself to log in as root via
> a telnet or other type of remote session?
>
> If I telnet to my freeBSD machine from a Windows machine from across the
> room, I get "login incorrect" for the root login even though I'm sure
> I've got the right password (Had no password for a while and thought
> that was the problem. 'twasn't.)
>
> I understand the rationale of having a strict default behavior but this
> machine is in my apartment; I'm not too concerned about my wife or
> five-week-old daughter wreaking havoc on my systems.

How about my evil cousin H@x0Rb0y? If the machine is /ever/ connected
to the big nasty net, you're at risk. I've been hacked at over an
intermittent 29K modem dialup (nailed his pubescent little tail, too :).
There's a certain kind of script-wanker that hangs around your ISP
and sees what he can see. These 31337 dopes get a sort of merit
badge if they can hack a Unix box.

I've even had my cat get root -- she jumps on the keyboard. Consider
what a kid (you've got about 2-3 years to consider it in :) can
do with a mouse in a root xterm.

You can enable root net logins by adding the word "secure" to the
first few (or all) the pty's in /etc/ttys:

make lines like this:

    ttyp0 none network

look like this:

    ttyp0 none network secure

Send a HUP to init to make the changes take effect. (kill -HUP 1)

Doing this is not a glaring, horrible hole that anybody can exploit,
but it does lower a small barrier. If you do this, read up on
setting /etc/hosts.allow and /etc/hosts.deny, and using tcp wrappers
(from the pkg/port of that name). After installing tcp wrappers,
read man 5 hosts_access. Also man login.access.

I run root all the time -- but I like the adrenalin rushes -- (I
know I should get out more) -- I especially look forward to accidental
mid-mouse pastes in a root xterm.

Dave
-- 
DISCLAIMER: If it can be disclaimed, it is.
DISCLAIMER: In particular, I don't represent any organization.
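An added example, not part of the original message: a small sh/awk check that lists which network ptys in a ttys(5) file carry the "secure" flag described above, so a host can be audited after such a change. The function name secure_network_ttys and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the network pseudo-terminals in a ttys(5)-style
# file that are flagged "secure", i.e. the lines the message says allow a
# direct root login over telnet and similar remote sessions.

# secure_network_ttys FILE -> prints one tty name per line
secure_network_ttys() {
    awk '
        {
            sub(/#.*/, "")              # drop comments so a "# secure" note is ignored
            gsub(/"[^"]*"/, "GETTY")    # collapse a quoted getty command into one field
            if (NF < 3 || $3 != "network") next   # only network ptys matter here
            for (i = 4; i <= NF; i++)
                if ($i == "secure") { print $1; break }
        }
    ' "$1"
}

# Constructed sample input in the layout the message shows; not a real host's file.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# name  getty                     type     status
ttyv0   "/usr/libexec/getty Pc"   cons25   on secure
ttyp0   none                      network  secure
ttyp1   none                      network  secure   # enabled for LAN admin
ttyp2   none                      network
ttyp3   none                      network  off      # secure was removed here
EOF

found=$(secure_network_ttys "$sample")
if [ -n "$found" ]; then
    echo "Network ptys that accept root logins:"
    echo "$found"
else
    echo "No network pty is marked secure."
fi
```

Point the function at /etc/ttys on the machine itself to see which lines would need the word "secure" removed to restore the default.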