Date: Tue, 24 Oct 2000 02:17:24 -0700 (MST)
From: Keith Davey
To: Jamie Norwood
Cc: bk, freebsd-questions@FreeBSD.ORG
Subject: Re: Root-Like telnet account
In-Reply-To: <20001024001710.A72677@mushhaven.net>

SSH in and then SU is great. Telnet in and SU is just as bad as telnet in
directly as root as both the user password and the root password are passed
in the clear.

I personally am not a fan of SU for administrative purposes. I much prefer
the use of sudo. In this case I can restrict the usage of administrative
privileges, and maintain 100% accountability.

Just my 2 cents

Keith Davey
Tivoli System

On Tue, 24 Oct 2000, Jamie Norwood wrote:

> Just wondering, why not just telnet/ssh in then SU?
>
> Jamie
>
> On Sat, Oct 21, 2000 at 11:36:33PM -0700, Keith Davey wrote:
> >
> > On Fri, 20 Oct 2000, bk wrote:
> >
> > > Hello Travor,
> > >
> > > Monday, October 16, 2000, 12:34:20 AM, you wrote:
> > >
> > > >> Hi,
> > > >>
> > > >> I just installed FreeBSD on an older system I have, just to try it out,
> > > MG> and would like to be able to telnet into it, and configure things remotely.
> > > MG> Is it possible to make it so that I can login from root, or that another
> > > MG> account has many of the same privileges as root, such as modifying
> > > MG> configuration files?
> > >
> > > look at /etc/ttys and add "secure" on the terminal you want to connect
> > > to. if you do not know the right terminal, login with a normal account
> > > remotely and use the command "w" to see who is online.
> > >
> > > Example:
> > >
> > > localhost# w
> > > 8:46PM up 1:11, 2 users, load averages: 0.01, 0.00, 0.00
> > > USER    TTY  FROM    LOGIN@  IDLE  WHAT
> > > root    v0   -       7:36PM  1:08  -csh (csh)
> > > blabla  p0   master  8:39PM  -     w
> > >
> > > i am logging in as root remotely from v0 on the console and from p0
> > > remotely. so i have to add secure to the ttyp0 pseudo terminal.
> > >
> > > If you want to keep your bsd system secure, i suggest you not to allow
> > > root to login remotely.
> > > Create a user with adduser command and put this user into the group
> > > "wheel". login with this user and enter "su" to switch to root
> > > account. This is more secure, because an external attacker does not know
> > > what account is required to logon or to be root.
> >
> > Another option is to use SSH with RSA key encryption only set up. This is
> > a very convenient and secure way to remotely administrate a box.
> >
> > Keith Davey
> > Tivoli Systems
> >
> > SNIP
> >
> > > --
> > > Boris Köster
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
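
The /etc/ttys "secure" flag discussed in the thread can also be audited from the defender's side. The following is an added example, not part of the original messages: it lists pseudo-terminals that still carry "secure", meaning root may log in on them directly. The function names, the sample file contents and the rule for recognising a pseudo-terminal (name ttyp*..ttys*, ttyP*..ttyS*, pts/*, or type "network") are assumptions.

```shell
#!/bin/sh
# Added example: report network pseudo-terminals in a ttys(5) file that are
# flagged "secure", i.e. where a direct root login is permitted.
# Usage: insecure_root_ttys /etc/ttys     (or "-" to read standard input)
insecure_root_ttys() {
    awk '
    {
        sub(/#.*/, "")              # drop trailing comments
        gsub(/"[^"]*"/, "CMD")      # collapse a quoted getty command to one field
        if (NF < 3) next            # need at least: name, command, type
        # Assumption: these names or the "network" type mark a pseudo-terminal.
        is_pty = ($1 ~ /^tty[p-sP-S]/ || $1 ~ /^pts\// || $3 == "network")
        if (!is_pty) next
        # Flags follow the type; match "secure" exactly so "insecure" is ignored.
        for (i = 4; i <= NF; i++)
            if ($i == "secure") { print $1; break }
    }' "$1"
}

# Constructed sample input (not taken from the thread).
sample_ttys() {
    cat <<'EOF'
# name  getty                       type     status
console none                        unknown  off secure
ttyv0   "/usr/libexec/getty Pc"     cons25   on  secure
ttyp0   none                        network  off secure   # root over the network
ttyp1   none                        network
ttyp2   none                        network  off insecure
EOF
}

# Demo on the sample: prints "ttyp0", the only pty where root login is allowed.
sample_ttys | insecure_root_ttys -
```

An empty result means no pseudo-terminal accepts a direct root login, which matches the advice in the thread to log in as an ordinary user and then switch.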