--- On Wed, 3/25/09, Ruben de Groot <mail25_at_bzerk.org> wrote:

> From: Ruben de Groot <mail25_at_bzerk.org>
> Subject: Re: Telnet root login
> To: "Chuck Robey" <chuckr_at_telenix.org>
> Cc: barney_cordoba_at_yahoo.com, current_at_freebsd.org
> Date: Wednesday, March 25, 2009, 5:53 AM
> On Tue, Mar 24, 2009 at 08:56:28PM -0400, Chuck Robey typed:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Barney Cordoba wrote:
> > > How do you enable root telnet access in current? I remember having some
> > > issue with specifying pty/0 in ttys years ago in linux but the right
> > > way to do it escapes me.
> >
> > I really wouldn't do that. If you have to get external root access, use ssh,
> > but if you haven't been broken into yourself, it's FAR more likely that you just
> > haven't seen it, than it hasn't happened. You don't want to allow folks into
> > your machine, there isn't any such thing as honor among those folks.
>
> Sound advice, but not an answer to his question.
> Barney, you have to make the network pseudo ttys secure, like:
>
> ttyp0 none network secure
>
> Ruben

Yes, the "it's not a good idea" is dependent on whatever other security you
have in place. Having to log in twice to a test machine on a secure internal
network is an unnecessary annoyance. The concept that every FreeBSD box in
existence is publicly accessible is one of those ASSumptions that people
should leave at the door.

Ruben, the method you cite no longer works in -current as they've changed
things once again (which happens way too often when your CEOs are a bunch of
bearded academics :) I'm not sure if it's the pty (the login terminal shows
as pty/0 and no longer ttyp0), or if it's some PAM thing. It's rather annoying.

Such things as

pty/0 none network secure
pty0 none network secure

equally don't work. And I see no mention in any document as to how it would
be achieved with the current

Barney

Received on Wed Mar 25 2009 - 10:25:21 UTC
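
An added example, not part of the original thread: a small audit check that parses ttys(5)-style text and lists the network terminals carrying the `secure` flag, the setting Ruben's reply relies on for root logins. The sample entries are constructed and the function names are hypothetical; it makes no claim about how -current names its ptys.

```python
import shlex

# Constructed sample in ttys(5) layout: name, getty command, type, flags.
SAMPLE = '''\
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
ttyp0   none                            network secure
ttyp1   none                            network
'''

def parse_ttys(text):
    """Yield (name, getty, term_type, flags) for each entry in ttys-style text."""
    for raw in text.splitlines():
        try:
            # comments=True drops '#' comments; quoting keeps the getty
            # command ("/usr/libexec/getty Pc") as a single field.
            fields = shlex.split(raw, comments=True)
        except ValueError:
            continue  # unbalanced quote: not a usable entry
        if len(fields) < 3:
            continue  # blank line, comment, or incomplete entry
        name, getty, term_type, *flags = fields
        yield name, getty, term_type, flags

def root_capable_network_ttys(text):
    """Return names of entries of type 'network' that are flagged 'secure'."""
    return [
        name
        for name, _getty, term_type, flags in parse_ttys(text)
        if term_type == "network" and "secure" in flags
    ]

if __name__ == "__main__":
    # To audit a real host, read /etc/ttys instead of SAMPLE.
    for name in root_capable_network_ttys(SAMPLE):
        print(f"{name}: network terminal marked secure")
```

Run against a host's `/etc/ttys`, an empty result means no network terminal is marked `secure` in that file.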