From owner-freebsd-questions Tue Mar 21 9:21:22 2000 Delivered-To: freebsd-questions@freebsd.org Received: from nsa-mail.us.newbridge.com (nsa-mail.us.newbridge.com [209.58.11.226]) by hub.freebsd.org (Postfix) with ESMTP id 6D42737BD6E for ; Tue, 21 Mar 2000 09:21:14 -0800 (PST) (envelope-from skumar@newbridge.com) Received: (from smtpd@localhost) by nsa-mail.us.newbridge.com (8.9.3/8.9.2) id MAA05399 for ; Tue, 21 Mar 2000 12:15:02 -0500 (EST) Received: from nsa-gw1.us.newbridge.com(209.58.11.225), claiming to be "herndon-mh1.us.newbridge.com" via SMTP by nsa-mail.us.newbridge.com, id smtpdAAAa001KG; Tue Mar 21 12:14:52 2000 Received: from nsamail01.us.newbridge.com by herndon-mh1.us.newbridge.com with ESMTP for questions@FreeBSD.ORG; Tue, 21 Mar 2000 12:20:54 -0500 Received: from newbridge.com ([138.120.241.137]) by nsamail01.us.newbridge.com (Netscape Messaging Server 3.6) with ESMTP id AAA2343; Tue, 21 Mar 2000 12:20:53 -0500 Message-Id: <38D7AC1B.B6EB8525@newbridge.com> Date: Tue, 21 Mar 2000 12:06:35 -0500 From: Srikanth Kumar Organization: Newbridge Networks Inc. X-Mailer: Mozilla 4.08 [en] (X11; U; SunOS 5.5.1 sun4u) MIME-Version: 1.0 To: cjclark@home.com Cc: questions@FreeBSD.ORG Subject: Re: Can't remote login as root References: <38D69CC7.4FD9A386@newbridge.com> <20000320223031.B81950@cc942873-a.ewndsr1.nj.home.com> Content-Type: multipart/alternative; boundary="------------FEFF84C3CD0989A9BAFDC8A3" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --------------FEFF84C3CD0989A9BAFDC8A3 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Doug, Cliff, Kevin, Chris, Crist, Thank you all for taking the time to answer. Your method (of marking the terminal secure) is the approach I have taken. We are using a Free BSD m/c in the lab to test our routing stack, which needs to be run in priveleged mode. However, I have let people know about your security concerns, and the reasons for the Free BSD remote login philosophy. Thanks again, -Sri Kumar. Crist J. Clark wrote: > On Mon, Mar 20, 2000 at 04:48:55PM -0500, Srikanth Kumar wrote: > > Hi, > > > > $ uname -a > > FreeBSD BSD001 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Wed Mar 8 08:15:32 > > EST 2000 root@BSD001:/usr/src/sys/compile/KERN_T1_QUAD i386 > > > > I am unable to login to the Free BSD machine from a remote terminal, as > > root. > > I have been logging in as another user, and doing an su, to get root > > access. > > Can you help me out from this situation? > > FreeBSD does not allow remote root access by default. This is a > feature, not a bug. Logging in as another user and su(1)ing to root is > the prefered method to get administrator access. Why is that a > problem? > > To disable this security feature, go to /etc/tty and mark the > appropriate terminals 'secure.' > -- > Crist J. Clark cjclark@home.com -- _____________________________________________________________________________ Srikanth Kumar skumar@newbridge.com Ph: 703-736-5923 Newbridge Networks 593 Herndon Pkwy, Herndon, VA, 20170 Fax: 703-736-5959 Expressed opinions of skumar. NN may not share the same view. --------------FEFF84C3CD0989A9BAFDC8A3 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Doug, Cliff, Kevin, Chris, Crist,
Thank you all for taking the time to answer. Your method (of marking
the terminal secure) is the approach I have taken. We are using a Free BSD
m/c in the lab to test our routing stack, which needs to be run in priveleged
mode.
However, I have let people know about your
security concerns, and the reasons for the Free BSD remote login philosophy.
Thanks again,
-Sri Kumar.

Crist J. Clark wrote:

On Mon, Mar 20, 2000 at 04:48:55PM -0500, Srikanth Kumar wrote:
> Hi,
>
> $ uname -a
> FreeBSD BSD001 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Wed Mar  8 08:15:32
> EST 2000     root@BSD001:/usr/src/sys/compile/KERN_T1_QUAD  i386
>
> I am unable to login to the Free BSD machine from a remote terminal, as
> root.
> I have been logging in as another user, and doing an su, to get root
> access.
> Can you help me out from this situation?

FreeBSD does not allow remote root access by default. This is a
feature, not a bug. Logging in as another user and su(1)ing to root is
the prefered method to get administrator access. Why is that a
problem?

To disable this security feature, go to /etc/tty and mark the
appropriate terminals 'secure.'
--
Crist J. Clark                           cjclark@home.com

-- 
_____________________________________________________________________________
Srikanth Kumar           skumar@newbridge.com              Ph:  703-736-5923
Newbridge Networks  593 Herndon Pkwy, Herndon, VA, 20170   Fax:  703-736-5959
Expressed opinions of skumar. NN may not share the same view.
  --------------FEFF84C3CD0989A9BAFDC8A3-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message