Date: Fri, 11 May 2001 12:56:28 -0400 From: Mike Tancsa <mike@sentex.net> To: Hajimu UMEMOTO <ume@mahoroba.org> Cc: freebsd-security@freebsd.org Subject: Re: preventing direct root login on telnetd Message-ID: <5.1.0.14.0.20010511125356.02b7cc30@marble.sentex.ca> In-Reply-To: <20010512.012256.74710954.ume@mahoroba.org> References: <4.2.2.20010511075808.023ee200@192.168.0.12> <4.2.2.20010511000303.036916f8@192.168.0.12> <20010511071947.C264@zg.CoDe.hu> <4.2.2.20010511075808.023ee200@192.168.0.12>
next in thread | previous in thread | raw e-mail | index | archive | help
At 01:22 AM 5/12/01 +0900, Hajimu UMEMOTO wrote:
>mike> Yes, I dont ever use it but customers do to this particular machine. I
>mike> will take a look at login.access. Do you know if it works, or if
>telnetd
>mike> now ignores that as well ?
>
>It's working for me. My login.access has following entry:
>
> -:root:ALL EXCEPT console ttyv0 ttyv1 ttyv2 ttyv3 ttyv4 ttyv5 ttyv6 ttyv7
Thanks,
Its almost there. The only problem is that if you give it the
correct password,
[ SRA accepts you ]
Permission denied.
Connection closed by foreign host.
The potential attacker is notified of it being correct before being booted.
>Or, you can disable SRA authentication by adding `-X sra' option to
>telnetd in /etc/inet.conf
Super, this is the best for me for now.
---Mike
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20010511125356.02b7cc30>