Date: Fri, 11 May 2001 19:26:41 +0300 From: Peter Pentchev <roam@orbitel.bg> To: mike@sentex.net Cc: Hajimu UMEMOTO <ume@mahoroba.org>, ZGabor@CoDe.hu, freebsd-security@freebsd.org Subject: Re: preventing direct root login on telnetd Message-ID: <20010511192641.E24224@ringworld.oblivion.bg> In-Reply-To: <20010512.012256.74710954.ume@mahoroba.org>; from ume@mahoroba.org on Sat, May 12, 2001 at 01:22:56AM %2B0900 References: <4.2.2.20010511000303.036916f8@192.168.0.12> <20010511071947.C264@zg.CoDe.hu> <4.2.2.20010511075808.023ee200@192.168.0.12> <20010512.012256.74710954.ume@mahoroba.org>
index | next in thread | previous in thread | raw e-mail
On Sat, May 12, 2001 at 01:22:56AM +0900, Hajimu UMEMOTO wrote: > >>>>> On Fri, 11 May 2001 07:59:55 -0400 > >>>>> Mike Tancsa <mike@sentex.net> said: > > >Or maybe via the /etc/login.access file. man login.access > >Btw. Don't use telnet, and never login as root. Use `su' instead. > > mike> Yes, I dont ever use it but customers do to this particular machine. I > mike> will take a look at login.access. Do you know if it works, or if telnetd > mike> now ignores that as well ? > > It's working for me. My login.access has following entry: > > -:root:ALL EXCEPT console ttyv0 ttyv1 ttyv2 ttyv3 ttyv4 ttyv5 ttyv6 ttyv7 > > Or, you can disable SRA authentication by adding `-X sra' option to > telnetd in /etc/inet.conf login.conf should work - telnetd invokes login(1). G'luck, Peter -- What would this sentence be like if it weren't self-referential? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the messagehelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010511192641.E24224>