From owner-freebsd-questions  Sat Oct 21 23:54:20 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from gus33.homeip.net (hybrid-024-221-140-147.az.sprintbbd.net [24.221.140.147])
	by hub.freebsd.org (Postfix) with ESMTP id F223E37B4D7
	for <freebsd-questions@FreeBSD.ORG>; Sat, 21 Oct 2000 23:54:15 -0700 (PDT)
Received: from localhost (kdavey@localhost [127.0.0.1])
	by gus33.homeip.net (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id XAA00715;
	Sat, 21 Oct 2000 23:36:34 -0700
Date: Sat, 21 Oct 2000 23:36:33 -0700 (MST)
From: Keith Davey <kdavey@gus33.homeip.net>
To: bk <koester@x-itec.de>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Root-Like telnet account
In-Reply-To: <14122691348.20001020183900@x-itec.de>
Message-ID: <Pine.LNX.4.21.0010212334220.684-100000@gus33.homeip.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG



On Fri, 20 Oct 2000, bk wrote:

> Hello Travor,
>=20
> Monday, October 16, 2000, 12:34:20 AM, you wrote:
>=20
> >> Hi,
> >>
> >> I just installed FreeBSD on an older system I have, just to try it out=
,
> MG> and would like to be able to telnet into it, and configure things rem=
otely.
> MG> Is is possible to make it so that I can login from root, or that anot=
her
> MG> account has many of the same pr
> >> velages as root, such as modifying configuration files?
>=20
> look at /etc/ttys and add "secure" on the terminal you want to connect
> to. if you do not know the right termial, login with a normal account
> remotely and use the command "w" to see who is online.
>=20
> Example:
>=20
> localhost# w
>  8:46PM  up  1:11, 2 users, load averages: 0.01, 0.00, 0.00
> USER             TTY      FROM              LOGIN@  IDLE WHAT
> root             v0       -                 7:36PM  1:08 -csh (csh)
> blabla           p0       master            8:39PM     - w
>=20
> i am looging in as root remotely from v0 on the console and from p0
> remotely. so i have to add secure to the ttyp0 pseudo terminal.
>=20
> If you want to keep your bsd system secure, i suggest you not to allow
> root to login remotely.
> Create a user with adduser command and put this user into the group
> "wheel". login with this user and enter "su" to switch to root
> account. This is more secure, because an external attacker do not know
> what account is required to logon or to be root.

Another option is to use SSH with RSA key encription only set up.  This is
a very conveniant and secure way to remotly administrate a box.

Keith Davey
Tivoli Systems

SNIP

> --=20
> Boris K=F6ster
>=20
>=20
>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>=20



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message