From owner-freebsd-security Fri May 11 10: 3:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4])
	by hub.freebsd.org (Postfix) with ESMTP id 9EE6D37B423
	for ; Fri, 11 May 2001 10:03:07 -0700 (PDT)
	(envelope-from mike@sentex.net)
Received: from simoeon.sentex.net (simeon.sentex.ca [209.112.4.47])
	by smtp1.sentex.ca (8.11.2/8.11.1) with ESMTP id f4BH2VU93774;
	Fri, 11 May 2001 13:02:31 -0400 (EDT)
	(envelope-from mike@sentex.net)
Message-Id: <5.1.0.14.0.20010511125356.02b7cc30@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 11 May 2001 12:56:28 -0400
To: Hajimu UMEMOTO
From: Mike Tancsa
Subject: Re: preventing direct root login on telnetd
Cc: freebsd-security@freebsd.org
In-Reply-To: <20010512.012256.74710954.ume@mahoroba.org>
References: <4.2.2.20010511075808.023ee200@192.168.0.12> <4.2.2.20010511000303.036916f8@192.168.0.12> <20010511071947.C264@zg.CoDe.hu> <4.2.2.20010511075808.023ee200@192.168.0.12>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 01:22 AM 5/12/01 +0900, Hajimu UMEMOTO wrote:
>mike> Yes, I don't ever use it but customers do to this particular machine. I
>mike> will take a look at login.access. Do you know if it works, or if telnetd
>mike> now ignores that as well?
>
>It's working for me. My login.access has the following entry:
>
> -:root:ALL EXCEPT console ttyv0 ttyv1 ttyv2 ttyv3 ttyv4 ttyv5 ttyv6 ttyv7

Thanks, it's almost there. The only problem is that if you give it the
correct password,

[ SRA accepts you ]
Permission denied.
Connection closed by foreign host.

The potential attacker is notified of it being correct before being booted.

>Or, you can disable SRA authentication by adding `-X sra' option to
>telnetd in /etc/inet.conf

Super, this is the best for me for now.
         ---Mike
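
An added example, not part of the original message: a simplified evaluator for the login.access rule quoted above, plus a check for the `-X sra` telnetd option, showing that the rule blocks remote root logins while the SRA step stays enabled until the option is set. The inetd configuration lines and the hostname are constructed samples, and the matcher is an assumption-level simplification that handles only ALL, EXCEPT and exact names (no groups, netgroups or host patterns).

```python
# Added example: simplified login.access evaluation plus an inetd config check.
# The login.access rule is the one quoted in the message; the inetd lines and
# the remote hostname used with them are constructed samples.

LOGIN_ACCESS = "-:root:ALL EXCEPT console ttyv0 ttyv1 ttyv2 ttyv3 ttyv4 ttyv5 ttyv6 ttyv7\n"
INETD_BEFORE = "telnet stream tcp nowait root /usr/libexec/telnetd telnetd\n"
INETD_AFTER = "telnet stream tcp nowait root /usr/libexec/telnetd telnetd -X sra\n"


def list_match(tokens, item):
    """Match item against a token list, honouring ALL and EXCEPT."""
    for i, tok in enumerate(tokens):
        if tok.upper() == "EXCEPT":
            return False  # nothing before EXCEPT matched
        if tok.upper() == "ALL" or tok.lower() == item.lower():
            rest = tokens[i + 1:]
            for j, later in enumerate(rest):
                if later.upper() == "EXCEPT":
                    # A match is cancelled if the exception list matches too.
                    return not list_match(rest[j + 1:], item)
            return True
    return False


def login_allowed(rules, user, origin):
    """First matching 'perm:users:origins' line decides; no match allows."""
    for line in rules.splitlines():
        line = line.strip()
        if line.startswith("#") or line.count(":") != 2:
            continue
        perm, users, origins = (field.strip() for field in line.split(":"))
        if list_match(users.split(), user) and list_match(origins.split(), origin):
            return perm == "+"
    return True


def telnetd_offers_sra(inetd_conf):
    """True if an active telnet service line does not pass '-X sra'."""
    for line in inetd_conf.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] != "telnet":
            continue  # comment, blank line or another service
        args = fields[7:]  # arguments after argv[0]
        if "-Xsra" not in args and ("-X", "sra") not in zip(args, args[1:]):
            return True
    return False
```

With only the login.access rule in place, `login_allowed` denies the remote root session but `telnetd_offers_sra(INETD_BEFORE)` is still true, which is the state in which the password is confirmed before the connection is closed.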