From owner-freebsd-security Fri May 11 4:58: 7 2001 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 00F9037B422 for ; Fri, 11 May 2001 04:58:01 -0700 (PDT) (envelope-from mike@sentex.net) Received: from chimp (cage.simianscience.com [64.7.134.1]) by smtp1.sentex.ca (8.11.2/8.11.1) with ESMTP id f4BBvoV39938; Fri, 11 May 2001 07:57:51 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <4.2.2.20010511075525.05d665b0@192.168.0.12> X-Sender: mdtancsa@192.168.0.12 X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Fri, 11 May 2001 07:57:49 -0400 To: Jussi Jaurola From: Mike Tancsa Subject: Re: preventing direct root login on telnetd Cc: security@FreeBSD.ORG In-Reply-To: References: <4.2.2.20010511000303.036916f8@192.168.0.12> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 08:57 AM 5/11/2001 +0300, Jussi Jaurola wrote: >Use /etc/hosts.allow. But I think that telnet protocol is so crappy that >use ssh instead? The machine is for customer access. I cannot force them to use ssh all the time so must keep telnet open as an option. How can you use /etc/hosts.allow which wraps the service to prevent it from being used from a certain IP/host/network. I dont see how you can use it to prevent a certain user. ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Network Administration, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message