From owner-freebsd-questions Tue Jul 2 04:16:57 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id EAA29297 for questions-outgoing; Tue, 2 Jul 1996 04:16:57 -0700 (PDT) Received: from mistery.mcafee.com (root@mistery.mcafee.com [192.187.128.69]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id EAA29291 for ; Tue, 2 Jul 1996 04:16:55 -0700 (PDT) Received: (from jimd@localhost) by mistery.mcafee.com (8.6.11/8.6.9) id BAA22985; Fri, 2 Jul 2010 01:18:50 -0700 From: Jim Dennis Message-Id: <201007020818.BAA22985@mistery.mcafee.com> Subject: Re: rlogin as root refused To: terry@lambert.org (Terry Lambert) Date: Fri, 2 Jul 110 01:18:50 -0700 (PDT) Cc: mc7953@mclink.it, questions@freebsd.org In-Reply-To: <199607012209.PAA06700@phaeton.artisoft.com> from "Terry Lambert" at Jul 1, 96 03:09:51 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > > I'm getting problems doing rlogin as root, always when towards FreeBSD > > machines. > > I can do rsh generic commands and rcp, but not rlogin. > > I set a "+" in the ~root/.rhosts file, but this doesn't suffice. > > It is *dangerous* to do this. You want to specify particular machines > and users, if you allow this at all. I agree. Use 'su -' or build and configure 'sudo'. > The pty's do not allow root login. This is a security option which > you *can* turn off. We advise against it strongly (so strongly, > that by default we don't allow it, and you have to turn it off). I think this is a wise design choice (even if you think your machine is "safe" behind packet filters, and firewalls, and even if you've installed and correctly configured TCP Wrappers). Jim Dennis, former System Administrator, McAfee Associates