Re: Telnet root login

From: Barney Cordoba <barney_cordoba_at_yahoo.com> Date: Fri, 27 Mar 2009 06:02:15 -0700 (PDT) · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:45 UTC

--- On Fri, 3/27/09, Robert Watson <rwatson_at_FreeBSD.org> wrote:

> From: Robert Watson <rwatson_at_FreeBSD.org>
> Subject: Re: Telnet root login
> To: "Barney Cordoba" <barney_cordoba_at_yahoo.com>
> Cc: mail25_at_bzerk.org, current_at_freebsd.org, ed_at_FreeBSD.org
> Date: Friday, March 27, 2009, 8:24 AM
> On Thu, 26 Mar 2009, Barney Cordoba wrote:
> 
> > Ok, I have some critical info here. When I set up ttys
> with the proper pts/0 setting, I can login are root using
> > 
> > login localhost
> > 
> > however when telnet in from my iMAC, it doesn't
> work. It also doesn't give me the "Trying SRA
> secure login" from the mac. So it seems its using a
> different authentication when I telnet from the MAC.
> 
> Hi Barney (and now also Ed!),
> 
> This indeed appears to be the key.  getttyent(3) appears to
> properly return the /etc/ttys entry for pts devices, and the
> TTY_SECURE flag is properly returned.  However,
> pam_securetty isn't using a valid tty name string -- it
> turns out login, invoked by telnet in the non-SRA case,
> assumes it can run the following code to get back the tty
> name:
> 
>         /*
>          * Get current TTY
>          */
>         ttyn = ttyname(STDIN_FILENO);
>         if (ttyn == NULL || *ttyn == '\0') {
>                 (void)snprintf(tname, sizeof(tname),
> "%s??", _PATH_TTY);
>                 ttyn = tname;
>         }
>         if ((tty = strrchr(ttyn, '/')) != NULL)
>                 ++tty;
>         else
>                 tty = ttyn;
> 
> The resulting string ("2" in my case) is passed
> on to PAM as the tty, and then pam_securetty looks that up
> without any success.
> 
> Ed, is this something you could take a look at?  It's
> not clear to me if the above logic just needs fixing, or if
> there are more subtle considerations.
> 
> Thanks,

aha! So putting

0 none network secure

in /etc/ttys works. That also explains why when doing a 'ps -ax' it 
shows the tty as 0. 

I also notice that 'who' is empty when logging in via telnet. When logging
in with ssh who correctly shows the entry. I don't know if that is related
to the invalid terminal name, but its certainly something that needs to
be repaired.

Barney