From owner-freebsd-security Fri May 11 5: 1:23 2001 Delivered-To: freebsd-security@freebsd.org Received: from gobbe.net (gobbe.net [212.83.113.102]) by hub.freebsd.org (Postfix) with ESMTP id BE05537B423 for ; Fri, 11 May 2001 05:01:20 -0700 (PDT) (envelope-from gobbe@gobbe.net) Received: from localhost (gobbe@localhost) by gobbe.net (8.9.3/8.9.3) with ESMTP id OAA30917; Fri, 11 May 2001 14:58:02 +0300 (EEST) (envelope-from gobbe@gobbe.net) Date: Fri, 11 May 2001 14:58:01 +0300 (EEST) From: Jussi Jaurola To: Mike Tancsa Cc: security@FreeBSD.ORG Subject: Re: preventing direct root login on telnetd In-Reply-To: <4.2.2.20010511075525.05d665b0@192.168.0.12> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sorry, i was wrong. /etc/login.access is the right file, use that (man login.access can help you a little bit). -- Jussi P. Jaurola Network Security Engineer gobbe@gobbe.net Netello Systems, Ltd. http://gobbe.net +358 50 566 9183 On Fri, 11 May 2001, Mike Tancsa wrote: > At 08:57 AM 5/11/2001 +0300, Jussi Jaurola wrote: > >Use /etc/hosts.allow. But I think that telnet protocol is so crappy that > >use ssh instead? > > > The machine is for customer access. I cannot force them to use ssh all the > time so must keep telnet open as an option. How can you use > /etc/hosts.allow which wraps the service to prevent it from being used from > a certain IP/host/network. I dont see how you can use it to prevent a > certain user. > > ---Mike > -------------------------------------------------------------------- > Mike Tancsa, tel +1 519 651 3400 > Network Administration, mike@sentex.net > Sentex Communications www.sentex.net > Cambridge, Ontario Canada www.sentex.net/mike > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message