From owner-freebsd-security Fri May 11 0:21:23 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.euroweb.hu (mail.euroweb.hu [193.226.220.4]) by hub.freebsd.org (Postfix) with ESMTP id 5CA5737B422 for ; Fri, 11 May 2001 00:21:20 -0700 (PDT) (envelope-from hu006co@mail.euroweb.hu) Received: (from hu006co@localhost) by mail.euroweb.hu (8.8.5/8.8.5) id JAA15214; Fri, 11 May 2001 09:21:18 +0200 (MET DST) Received: (from zgabor@localhost) by zg.CoDe.hu (8.11.3/8.11.1) id f4B7JmC00321; Fri, 11 May 2001 07:19:48 GMT (envelope-from zgabor) Date: Fri, 11 May 2001 07:19:47 +0000 From: Gabor Zahemszky To: freebsd-security@freebsd.org Cc: mike@sentex.net Subject: Re: preventing direct root login on telnetd Message-ID: <20010511071947.C264@zg.CoDe.hu> References: <4.2.2.20010511000303.036916f8@192.168.0.12> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.2.2.20010511000303.036916f8@192.168.0.12>; from mike@sentex.net on Fri, May 11, 2001 at 12:09:09AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, May 11, 2001 at 12:09:09AM -0400, Mike Tancsa wrote: > > Is there a way to prevent root from logging in directly on STABLE via telnet ? Direct root logins are enabled/disabled via /etc/ttys, aren't it? --- # status Must be on or off. If on, init will run the getty program on # the specified port. If the word "secure" appears, this tty # allows root login. --- # Pseudo terminals ttyp0 none network on secure ttyp1 none network off --- Or maybe via the /etc/login.access file. man login.access Btw. Don't use telnet, and never login as root. Use `su' instead. ZGabor at CoDe dot HU -- #!/bin/ksh Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message