From owner-freebsd-security Fri May 11 5: 0: 4 2001 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 0A74F37B43E for ; Fri, 11 May 2001 05:00:00 -0700 (PDT) (envelope-from mike@sentex.net) Received: from chimp (cage.simianscience.com [64.7.134.1]) by smtp1.sentex.ca (8.11.2/8.11.1) with ESMTP id f4BBxuV40126; Fri, 11 May 2001 07:59:57 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <4.2.2.20010511075808.023ee200@192.168.0.12> X-Sender: mdtancsa@192.168.0.12 X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Fri, 11 May 2001 07:59:55 -0400 To: Gabor Zahemszky , freebsd-security@freebsd.org From: Mike Tancsa Subject: Re: preventing direct root login on telnetd In-Reply-To: <20010511071947.C264@zg.CoDe.hu> References: <4.2.2.20010511000303.036916f8@192.168.0.12> <4.2.2.20010511000303.036916f8@192.168.0.12> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 07:19 AM 5/11/2001 +0000, Gabor Zahemszky wrote: >On Fri, May 11, 2001 at 12:09:09AM -0400, Mike Tancsa wrote: > > > > Is there a way to prevent root from logging in directly on STABLE via > telnet ? > >Direct root logins are enabled/disabled via /etc/ttys, aren't it? The new telnetd seems to blow by that. >Or maybe via the /etc/login.access file. man login.access >Btw. Don't use telnet, and never login as root. Use `su' instead. Yes, I dont ever use it but customers do to this particular machine. I will take a look at login.access. Do you know if it works, or if telnetd now ignores that as well ? -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Network Administration, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message