Re: Telnet root login

From: Julian Elischer <julian_at_elischer.org>
Date: Wed, 25 Mar 2009 17:14:54 -0700

Chuck Robey wrote:
> Julian Elischer wrote:
>> Ian FREISLICH wrote:
>>> Barney Cordoba wrote:
>>>>> Barney, you have to make the network pseudo ttys secure,
>>>>> like:
>>>>>
>>>>> ttyp0   none    network    secure
>>>>>
>>>>> Ruben
>>>> Yes, the "it's not a good idea" is dependent on whatever other
>>>> security you have in place. Having to log in twice to a test
>>>> machine on a secure internal network is an unnecessary annoyance.
>>>> The concept that every FreeBSD box in existence is publicly accessible
>>>> is one of those ASSumptions that people should leave at the door.
>>>>
>>>> Ruben, the method you cite no longer works in -current as they've
>>>> changed things once again (which happens way too often when your CEOs
>>>> are a bunch of bearded academics :)
>>>>
>>>> I'm not sure if it's the pty (the login terminal shows as pty/0 and no
>>>> longer ttyp0), or if it's some PAM thing. It's rather annoying.
>>>> Such things as
>>>> pty/0 none network secure
>>>> pty0 none network secure
>>>>
>>>> equally don't work. And I see no mention in any document as to how it
>>>> would be achieved with the current
>>> Then use ssh and set "PermitRootLogin yes" in /etc/ssh/sshd_config
>> this doesn't work if you are using a set of machines run from a central
>> machine using nc (netcat) to do scripted i/o through a telnet session on
>> the other machines (for example).
>>
>> The advantage of telnet is you can pipe nc straight into it.
> 
> Julian, I don't know nc, but can't you stick keys in your ~/.ssh, then use ssh
> the same way?  Doing without passwords, but keeping your security, inside nc?  I
> think, at minimum, you could use ssh forwarding, but doesn't nc allow this
> directly?  I just hate the idea of killing all the security, and hadn't yet seen
> any (even wildly unlikely) scenario that needs you to do that.
> 
> I begin to suspect that there might be a whole lot of folks who aren't aware of
> how to use ssh to eliminate passwords.  Security writeups are always too
> complicated, that's a truism.

Oh I know about SSH and keys but the ability to pipe data into a tcp
socket and have it fed into another process is really useful in
testing. And of course no encryption overhead.


> 
>>> Ian
>>>
>>> -- 
>>> Ian Freislich
>>> _______________________________________________
>>> freebsd-current_at_freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>>> To unsubscribe, send any mail to
>>> "freebsd-current-unsubscribe_at_freebsd.org"
> 
Received on Wed Mar 25 2009 - 23:14:41 UTC
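
Added example, not part of the original thread: a small Python audit that flags the two settings discussed above, a network pseudo-tty marked `secure` in /etc/ttys and `PermitRootLogin yes` in /etc/ssh/sshd_config. The function names and the sample file contents are constructed for illustration.

```python
import shlex

# Constructed sample inputs (not taken from any real host).
SAMPLE_TTYS = '''\
# name  getty                     type     status
console none                      unknown  off secure
ttyv0   "/usr/libexec/getty Pc"   xterm    on  secure
ttyp0   none                      network  secure
ttyp1   none                      network
'''

SAMPLE_SSHD = '''\
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
'''

def network_ttys_marked_secure(ttys_text):
    """Return names of ttys entries of type 'network' that carry the 'secure' flag."""
    flagged = []
    for line in ttys_text.splitlines():
        # shlex handles the quoted getty command and strips '#' comments.
        fields = shlex.split(line, comments=True)
        if len(fields) < 3:
            continue
        name, _getty, tty_type, *flags = fields
        if tty_type == "network" and "secure" in flags:
            flagged.append(name)
    return flagged

def permit_root_login(sshd_text):
    """Return the global PermitRootLogin value (lowercased), or None if unset.

    sshd keeps the first value it reads for a keyword, and keywords are
    case-insensitive. Parsing stops at the first Match block, since
    settings inside it are conditional.
    """
    for line in sshd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.replace("=", " ", 1).split()
        if fields[0].lower() == "match":
            break
        if fields[0].lower() == "permitrootlogin" and len(fields) > 1:
            return fields[1].lower()
    return None

if __name__ == "__main__":
    print("network ttys marked secure:", network_ttys_marked_secure(SAMPLE_TTYS))
    print("PermitRootLogin:", permit_root_login(SAMPLE_SSHD))
```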
