Date: Sat, 30 May 1998 14:49:52 -0400 (EDT)
From: CyberPeasant <djv@bedford.net>
To: bendede@startribune.com (Dave Bender)
Cc: questions@FreeBSD.ORG
Subject: Re: remote root access
Message-ID: <199805301849.OAA18424@lucy.bedford.net>
In-Reply-To: <01BD8BAF.1FA88F40@MANNY> from Dave Bender at "May 30, 98 09:41:26 am"

Dave Bender wrote:
> Is there some default I can change to allow myself to log in as root via
> a telnet or other type of remote session?
>
> If I telnet to my FreeBSD machine from a Windows machine from across the
> room, I get "login incorrect" for the root login even though I'm sure
> I've got the right password (Had no password for a while and thought
> that was the problem. 'twasn't.)
>
> I understand the rationale of having a strict default behavior but this
> machine is in my apartment; I'm not too concerned about my wife or
> five-week-old daughter wreaking havoc on my systems.

How about my evil cousin H@x0Rb0y? If the machine is /ever/
connected to the big nasty net, you're at risk. I've been hacked
at over an intermittent 29K modem dialup (nailed his pubescent
little tail, too :). There's a certain kind of script-wanker that
hangs around your ISP and sees what he can see. These 31337 dopes
get a sort of merit badge if they can hack a Unix box.

I've even had my cat get root -- she jumps on the keyboard.
Consider what a kid (you've got about 2-3 years to consider it in
:) can do with a mouse in a root xterm.

You can enable root net logins by adding the word "secure" to the
first few (or all) the pty's in /etc/ttys:

make lines like this:

    ttyp0 none network

look like this:

    ttyp0 none network secure

Send a HUP to init to make the changes take effect.
(kill -HUP 1)

Doing this is not a glaring, horrible hole that anybody can exploit,
but it does lower a small barrier. If you do this, read up on
setting /etc/hosts.allow and /etc/hosts.deny, and using tcp wrappers
(from the pkg/port of that name). After installing tcp wrappers,
read man 5 hosts_access. Also man login.access.

I run root all the time -- but I like the adrenalin rushes -- (I know
I should get out more) -- I especially look forward to accidental mid-mouse
pastes in a root xterm.

Dave
--
DISCLAIMER: If it can be disclaimed, it is.
DISCLAIMER: In particular, I don't represent any organization.
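
An audit check for the /etc/ttys change described in the message above, added here as an example and not part of the original e-mail: it lists the "network" pty entries in a ttys(5)-format file that carry the "secure" flag, i.e. the terminals on which root login is accepted. The function names `secure_ptys` and `sample_ttys` are hypothetical and the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the original e-mail.
# secure_ptys [FILE]: print the name of every entry of type "network" whose
# flags include "secure". Reads standard input when FILE is omitted.
secure_ptys() {
    awk '
    {
        sub(/#.*/, "")                  # ttys(5): "#" starts a comment
        if (NF < 3) next                # blank line or incomplete entry
        name = $1
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)          # drop the name field
        # The command field is a quoted string or one word such as "none".
        if (rest ~ /^"/) sub(/^"[^"]*"[ \t]*/, "", rest)
        else             sub(/^[^ \t]+[ \t]*/, "", rest)
        n = split(rest, f, /[ \t]+/)
        if (n < 1 || f[1] != "network") next           # type field
        secure = 0
        for (i = 2; i <= n; i++) {                     # remaining fields are flags
            if (f[i] == "secure")   secure = 1
            if (f[i] == "insecure") secure = 0
        }
        if (secure) print name
    }' "${1:--}"
}

# Constructed sample in ttys(5) layout, for demonstration only.
sample_ttys() {
    cat <<'EOF'
# name  getty                     type     status
console none                      unknown  off secure
ttyv0   "/usr/libexec/getty Pc"   cons25   on  secure
ttyp0   none                      network  secure
ttyp1   none                      network
ttyp2   none                      network  off insecure
#ttyp3  none                      network  secure
EOF
}

sample_ttys | secure_ptys    # prints: ttyp0
```

On a live system, run `secure_ptys /etc/ttys`; empty output means no network pty is marked secure.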
