Date: Fri, 02 Nov 2001 19:28:09 -0500 From: "Doug Reynolds" <mav@wastegate.net> To: "Anthony Atkielski" <anthony@atkielski.com>, "FreeBSD Questions" <freebsd-questions@freebsd.org>, "Mike Meyer" <mwm@mired.org> Subject: Re: Re[2]: Tiny starter configuration for FreeBSD Message-ID: <20011103002908.CB08C37B408@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
On Fri, 2 Nov 2001 06:29:27 +0100, Anthony Atkielski wrote: >Point taken. In practice, however, administrators tend to drift towards >"massively insecure" as they try to overcome "massively inadequate." > >For example, one change I made to my system was to allow root logins from remote >terminals. I'd prefer to limit remote logins to root to my other machine, which >is on the LAN, but I'm not aware of an option to force that, so I had to open >root logins to the world. Thus, in order to obtain needed functionality, I had >to compromise security far more than I would have liked. > >(BTW, if there is a way to restrict the ability to log in as root to remote >connections from certain IP addresses only, I'd appreciate knowing how to do >this.) why dont you just add a user account to the wheel group, so you can su to root. I think that is still a lot more secure than logging in as root from telnet / ssh. --- doug reynolds | the maverick | mav@wastegate.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011103002908.CB08C37B408>