Julian Elischer wrote:
> Ian FREISLICH wrote:
>> Barney Cordoba wrote:
>>>> Barney, you have to make the network pseudo ttys secure,
>>>> like:
>>>>
>>>> ttyp0 none network secure
>>>>
>>>> Ruben
>>> Yes, the "it's not a good idea" is dependent on whatever other
>>> security you have in place. Having to log in twice to a test
>>> machine on a secure internal network is an unnecessary annoyance.
>>> The concept that every FreeBSD box in existence is publicly accessible
>>> is one of those ASSumptions that people should leave at the door.
>>>
>>> Ruben, the method you cite no longer works in -current as they've
>>> changed things once again (which happens way too often when your CEOs
>>> are a bunch of bearded academics :)
>>>
>>> I'm not sure if it's the pty (the login terminal shows as pty/0 and no
>>> longer ttyp0), or if it's some PAM thing. It's rather annoying.
>>> Such things as
>>> pty/0 none network secure
>>> pty0 none network secure
>>>
>>> equally don't work. And I see no mention in any document as to how it
>>> would be achieved with the current
>>
>> Then use ssh and set "PermitRootLogin yes" in /etc/ssh/sshd_config
>
> this doesn't work if you are using a set of machines run from a central
> machine using nc (netcat) to do scripted i/o through a telnet session on
> the other machines (for example).
>
> The advantage of telnet is you can pipe nc straight into it.

Julian, I don't know nc, but can't you stick keys in your ~/.ssh, then use ssh the same way? Doing without passwords, but keeping your security, inside nc? I think, at minimum, you could use ssh forwarding, but doesn't nc allow this directly?

I just hate the idea of killing all the security, and hadn't yet seen any (even wildly unlikely) scenario that needs you to do that.

I begin to suspect that there might be a whole lot of folks who aren't aware of how to use ssh to eliminate passwords. Security writeups are always too complicated, that's a truism.
>
>>
>> Ian
>>
>> --
>> Ian Freislich

Received on Wed Mar 25 2009 - 22:45:19 UTC
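An added example, not part of the thread and not FreeBSD's own tooling: a small sh audit for the two settings the messages above discuss, a network pseudo-terminal flagged `secure` in a ttys(5)-style file and `PermitRootLogin yes` in an sshd_config-style file. The function names are hypothetical, and it assumes whitespace-separated fields and `#` comments in both files.

```shell
#!/bin/sh
# Added example: audit for the two root-login settings discussed in the thread.
# All function names are hypothetical.

# Print the name of each ttys(5) entry of type "network" that also carries
# the "secure" flag, i.e. a line on which uid 0 may log in directly.
secure_network_ttys() {
    awk '
        { sub(/#.*/, "") }                 # strip comments, re-split fields
        NF < 3 { next }
        {
            seen_net = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "network") seen_net = 1
                else if (seen_net && $i == "secure") { print $1; break }
            }
        }' "$1"
}

# Print the global PermitRootLogin value from an sshd_config file.
# Keywords are case-insensitive and the first occurrence wins; scanning
# stops at the first Match line because later settings are conditional.
# Prints "unset" when the keyword does not appear.
root_login_setting() {
    awk '
        { sub(/#.*/, "") }
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { val = tolower($2); exit }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# Report findings; return 0 when neither setting is present, 1 otherwise.
audit_root_access() {
    ttys_file=$1 sshd_file=$2 rc=0
    for t in $(secure_network_ttys "$ttys_file"); do
        echo "ttys: $t is a network terminal marked secure"
        rc=1
    done
    if [ "$(root_login_setting "$sshd_file")" = "yes" ]; then
        echo "sshd: PermitRootLogin yes (root may use any enabled method)"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh audit.sh /etc/ttys /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then audit_root_access "$1" "$2"; fi
```

Key-only root access, the alternative raised in the last reply, shows up here as a `PermitRootLogin` value other than `yes`, so it passes the sshd check.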
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:45 UTC