From owner-freebsd-security Thu Nov 19 21:01:09 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA13310 for freebsd-security-outgoing; Thu, 19 Nov 1998 21:01:09 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from aniwa.sky (aniwa.actrix.gen.nz [203.96.56.186]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA13304 for ; Thu, 19 Nov 1998 21:01:05 -0800 (PST) (envelope-from andrew@squiz.co.nz) Received: from localhost (andrew@localhost) by aniwa.sky (8.8.8/8.8.7) with ESMTP id RAA02035; Fri, 20 Nov 1998 17:58:42 +1300 (NZDT) (envelope-from andrew@squiz.co.nz) Date: Fri, 20 Nov 1998 17:58:41 +1300 (NZDT) From: Andrew McNaughton X-Sender: andrew@aniwa.sky Reply-To: andrew@squiz.co.nz To: Kris Kennaway cc: David Gilbert , Stefan `Sec` Zehl , freebsd-security@FreeBSD.ORG Subject: Re: no more pty's / lockout In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 20 Nov 1998, Kris Kennaway wrote: > On Thu, 19 Nov 1998, David Gilbert wrote: > > > ssh (and I believe rsh... but I don't use it) will allow a > > login without an available tty as follows: > > > > ssh -l root "bash -i" > > or csh -i, etc. > > The rsh version also won't leave traces in your utmp (at least, they don't on > other systems), never tried it with ssh but I'd expect something similar. I've come across hacker texts which reccomend using a non-interactive shell for this reason. Any suggestions on simple ways to see who's on line that get around this problem? Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message