From owner-freebsd-questions  Fri Dec 18 23:09:01 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA04738
          for freebsd-questions-outgoing; Fri, 18 Dec 1998 23:09:01 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from namodn.com (namodn.com [207.33.107.203])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA04689
          for <FreeBSD-questions@FreeBSD.ORG>; Fri, 18 Dec 1998 23:08:54 -0800 (PST)
          (envelope-from robert@namodn.com)
Received: from localhost (robert@localhost)
	by namodn.com (8.8.8/8.8.8) with SMTP id XAA29798;
	Fri, 18 Dec 1998 23:13:26 GMT
	(envelope-from robert@namodn.com)
Date: Fri, 18 Dec 1998 23:13:26 +0000 (GMT)
From: Robert <robert@namodn.com>
To: David Shanes <dshanes@mswin.net>
cc: questions FreeBSD <FreeBSD-questions@FreeBSD.ORG>
Subject: Re: Clearing "NOROOT" status.
In-Reply-To: <00f201be2b1e$9c3b5560$0143a8c0@family1>
Message-ID: <Pine.BSF.3.96.981218231053.29367I-100000@namodn.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

:)
I think that's what happened; try putting "secure" on the ttys that you
want to be able to log in as root on, if you do indeed want to log on as
root from remote.

I use "su" and "sudo" myself, which I strongly recommend for security
puposes.. there's just no benefit that I can see to logging in as root as
opposed to using "su"...

@:-)
( www.namodn.com )
( robert@namodn.com )

On Fri, 18 Dec 1998, David Shanes wrote:

> Specifically, in "/var/log/messages", it says:
> 
> Dec 18 20:51:24 shanes login: LOGIN root REFUSED (NOROOT) FROM x.x.x.x ON
> TTY ttyp0
> 
> Does that mean that I was trying to login as root, but even with the right
> password, I would have been denied access b/c it was via Telnet?
> 
> Thanks,
> David
> 
> -----Original Message-----
> From: Robert <robert@namodn.com>
> To: David Shanes <dshanes@personalogic.com>
> Date: Friday, December 18, 1998 10:47 PM
> Subject: Re: Clearing "NOROOT" status.
> 
> 
> >So you have been able to log in remotely as root, and now it has "banned"
> >the IP address because of "too many failed login attempts"?
> >Perhaps it gives more info in /var/log/messages ... I tried a quick
> >search/grepped my /etc , but to no avail.. the only thing I know that can
> >allow/deny IP's is a firewall ; could it perhaps have changed your
> >firewall "rules" ? Try resetting it ( if any ), since you're at the
> >console..
> >
> >-rob
> >
> >On Fri, 18 Dec 1998, David Shanes wrote:
> >
> >>     Thanks for the help. I do not think that there ever was an entry
> >> "secure" for any ttyp?. I mistyped the password too many times, when
> trying
> >> to login via telnet, and saw a message on my FreeBSD system's screen that
> >> said that it would not allow root login from that IP address - over any
> >> ttyp?.
> >>
> >> David
> >>
> >> -----Original Message-----
> >> From: Robert <robert@namodn.com>
> >> To: David Shanes <dshanes@mswin.net>
> >> Cc: questions FreeBSD <FreeBSD-questions@FreeBSD.ORG>
> >> Date: Friday, December 18, 1998 10:31 PM
> >> Subject: Re: Clearing "NOROOT" status.
> >>
> >>
> >> >Found this using http://www.freebsd.org/search
> >> >----
> >> >The su way is the proper way to do this.  But if you really want to
> login
> >> >as root remotely you'll have to edit the file /etc/ttys and add "secure"
> >> >to the ttyp? (pseudo ttys).  This will enable you to login as root.
> >> >Please, please, if you do something like this at least use ssh (secure
> >> >shell) as your machine could be compromised very quickly if someone is
> >> >sniffing your network.
> >> >
> >> >Here is a sample entry for /etc/ttys
> >> >
> >> >ttyp0   none    network secure
> >> >ttyp1   none    network secure
> >> >
> >> >and so on...
> >> >
> >> >Another reason this is a bad idea is that if someone does a dictionary
> >> >attack on your telnet login root cannot be compromised.
> >> >----
> >> >
> >> >Hope it helps...
> >> >
> >> >-rob
> >> >( www.namodn.com )
> >> >( robert@namodn.com )
> >> >
> >> >On Fri, 18 Dec 1998, David Shanes wrote:
> >> >
> >> >>     OK, so I thought that I remembered the password, but I got it
> wrong
> >> >> (several times). How do I re-enable an IP address to login as root via
> >> >> telnet?
> >> >>     I am logged in locally as root. Running 2.2.6 release.
> >> >>
> >> >>
> >> >> Thanks,
> >> >> David
> >> >> ____________________________________________
> >> >> David Shanes
> >> >> dshanes@mswin.net
> >> >>
> >> >>
> >> >>
> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org
> >> >> with "unsubscribe freebsd-questions" in the body of the message
> >> >>
> >> >
> >> >
> >> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >> >with "unsubscribe freebsd-questions" in the body of the message
> >>
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message