Date:      Tue, 24 Oct 2000 02:17:24 -0700 (MST)
From:      Keith Davey <kdavey@gus33.homeip.net>
To:        Jamie Norwood <mistwolf@mushhaven.net>
Cc:        bk <koester@x-itec.de>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Root-Like telnet account
Message-ID:  <Pine.LNX.4.21.0010240214200.8795-100000@gus33.homeip.net>
In-Reply-To: <20001024001710.A72677@mushhaven.net>


SSH in and then SU is great.  Telnet in and SU is just as bad as telnet in
directly as root as both the user password and the root password are
passed in the clear.

I personally am not a fan of SU for administrative purposes.  I much prefer
the use of sudo.  In this case I can restrict the usage of administrative
privileges, and maintain 100% accountability.  Just my 2 cents

Keith Davey
Tivoli System


On Tue, 24 Oct 2000, Jamie Norwood wrote:

> Just wondering, why not just telnet/ssh in then SU?
>
> Jamie
>
> On Sat, Oct 21, 2000 at 11:36:33PM -0700, Keith Davey wrote:
> >
> >
> > On Fri, 20 Oct 2000, bk wrote:
> >
> > > Hello Travor,
> > >
> > > Monday, October 16, 2000, 12:34:20 AM, you wrote:
> > >
> > > >> Hi,
> > > >>
> > > >> I just installed FreeBSD on an older system I have, just to try it out,
> > > MG> and would like to be able to telnet into it, and configure things remotely.
> > > MG> Is it possible to make it so that I can login from root, or that another
> > > MG> account has many of the same privileges as root, such as modifying configuration files?
> > >
> > > look at /etc/ttys and add "secure" on the terminal you want to connect
> > > to. if you do not know the right terminal, login with a normal account
> > > remotely and use the command "w" to see who is online.
> > >
> > > Example:
> > >
> > > localhost# w
> > >  8:46PM  up  1:11, 2 users, load averages: 0.01, 0.00, 0.00
> > > USER             TTY      FROM              LOGIN@  IDLE WHAT
> > > root             v0       -                 7:36PM  1:08 -csh (csh)
> > > blabla           p0       master            8:39PM     - w
> > >=20
> > > i am looging in as root remotely from v0 on the console and from p0
> > > remotely. so i have to add secure to the ttyp0 pseudo terminal.
> > >=20
> > > If you want to keep your bsd system secure, i suggest you not to allo=
w
> > > root to login remotely.
> > > Create a user with adduser command and put this user into the group
> > > "wheel". login with this user and enter "su" to switch to root
> > > account. This is more secure, because an external attacker do not kno=
w
> > > what account is required to logon or to be root.
> >=20
> > Another option is to use SSH with RSA key encription only set up.  This=
 is
> > a very conveniant and secure way to remotly administrate a box.
> >=20
> > Keith Davey
> > Tivoli Systems
> >=20
> > SNIP
> >=20
> > > --=20
> > > Boris K=F6ster
> > >=20
> > >=20
> > >=20
> > >=20
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> > >=20
> >=20
> >=20
> >=20
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>


