From owner-freebsd-stable Wed May 2 9:44:15 2001 Delivered-To: freebsd-stable@freebsd.org Received: from lax.whistle.com (lax.whistle.com [207.76.205.133]) by hub.freebsd.org (Postfix) with ESMTP id 83E4237B422 for ; Wed, 2 May 2001 09:44:13 -0700 (PDT) (envelope-from evan@whistle.com) Received: from whistle.com (lax.whistle.com [207.76.205.133]) by lax.whistle.com (8.11.3/8.11.3) with ESMTP id f42Gi3321467; Wed, 2 May 2001 09:44:03 -0700 (PDT) (envelope-from evan@whistle.com) Message-ID: <3AF03953.A69B178F@whistle.com> Date: Wed, 02 May 2001 09:44:03 -0700 From: Evan Oldford Organization: Whistle Communications X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.3-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Gavin Atkinson Cc: Nick Barnes , freebsd-stable@FreeBSD.ORG Subject: Re: telnet sometimes gets "SRA secure login" prompt?? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Gavin Atkinson wrote: > > On Wed, 2 May 2001, Nick Barnes wrote: > > In particular, does it appear if I have installed the > > crypto distrib on both source and target of the telnet? > > Yeah - it's part of the crypto package. Worryingly, it also allows you to > telnet in (from localhost or externally) as root... totally losing the > protection gained by having the wheel group... > > Gavin > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message Edit your /etc/inetd.conf "-a" option (man telnetd) telnet stream tcp nowait root /usr/libexec/telnetd telnetd -a off and Edit your /etc/ttys remove the "secure" entries to your Pseudo terminals -- _______________________________________________________________________ Evan Oldford * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message