*BSD News Article 52663


Return to BSD News archive

Newsgroups: comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.kei.com!news.mathworks.com!news.duke.edu!agate!howland.reston.ans.net!EU.net!sun4nl!news.iaf.nl!iafnl.iaf.nl!yedi!wilko
From: wilko@yedi.iaf.nl (Wilko Bulte)
Subject: Re: Privileged telnet access help request.
Organization: Private FreeBSD site - Arnhem, The Netherlands CSgg DJOhttp Mail News Pictures SNAP auto bin cd_link cds correspond datab doc dos etiket folklore fractals freebsd htdocs html humor jubileum machines mail stor vll The Deamon is Free *
Message-ID: <DFw99I.Dn@yedi.iaf.nl>
References: <44p20e$fa0@thrush.sover.net> <812657356.23970@kiss.demon.co.uk>
Date: Tue, 3 Oct 1995 22:32:06 GMT
Lines: 27

phil@zipmail.co.uk (Phil Taylor) writes:

>phapp@top.monad.net (Paul Happ) wrote:

>>I have searched the archives and reviewed the FreeBSD web site and now
>>need to ask your help.

>>Do we do it with /etc/login.access (all lines are as installed,
>>currently commented out)

>>or

>>can we set /etc/ttys  ttyp0 to network on secure

>This is what I have done (up to about ttyp5), it works fine, obviously
>a serious security loophole but, like you I needed remote telnet
>access to root.

>I wasn't that bothered about security as we have a complicated root
>password that is changed frequently, but of course if you log in
>across the 'net then someone could sniff out your password. (probably)

Is there something wrong with 'su'ing root? Apart from the network sniffing
issue you at least have some defense to direct root login attempts

Wilko