From owner-freebsd-questions  Wed Mar 11 21:23:42 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA03844
          for freebsd-questions-outgoing; Wed, 11 Mar 1998 21:23:42 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA03796
          for <freebsd-questions@FreeBSD.ORG>; Wed, 11 Mar 1998 21:23:29 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Received: from localhost (dwhite@localhost)
          by gdi.uoregon.edu (8.8.7/8.8.8) with SMTP id VAA16607;
          Wed, 11 Mar 1998 21:23:25 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Date: Wed, 11 Mar 1998 21:23:25 -0800 (PST)
From: Doug White <dwhite@gdi.uoregon.edu>
Reply-To: Doug White <dwhite@resnet.uoregon.edu>
To: Leif Neland <leifn@image.dk>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: How do you assign the ROOT user to be able to access via TELNET?
In-Reply-To: <634_9803120015@swimsuit.swimsuit.roskildebc.dk>
Message-ID: <Pine.BSF.3.96.980311212210.16485Y-100000@gdi.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 11 Mar 1998, Leif Neland wrote:

> At 11 Mar 98 10:28:26 Greg Lehey wrote regarding Re: How do you assign the ROOT
> user to be able to access via TELNET?
> 
>  GL> You log in as yourself, and then use su to become root.  All
>  GL> else is such an enormous security hole that you don't even want
>  GL> to think about it.
> 
> Why, really?
> 
> What's the difference between getting the rootpassword sniffed at
> login, and when su'ing? Other than the sniffer probably need to snif both your
> normal password, and the rootpassword, if he doesn't have one himself and are
> in group wheel.

Well, you have safeguards in place to keep people from sniffing, right?
Disabled telnet, use ssh exclusively?

In this case it creates two walls to get through -- the user's and then
root's passwords.  Hacking one password is hard enough, two can be
downright impossible with limited time.


Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message