Date: Thu, 5 Nov 1998 16:09:05 -0500
From: Christopher Michaels - SSG <ChrisMic@sbservices.com>
To: "'junkmale@xtra.co.nz'" <junkmale@xtra.co.nz>, warchild@freenet.hut.fi
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: root login remotely
Message-ID: <29C83908FF4FD2118D2C00A0C90FCB440873D4@site2s1>

While I wholeheartedly agree with setting up SSH and not having ROOT login remotely, it can be done.

The file /etc/ttys lists all the ttys available on your system. You'll notice that the local console/virtual consoles are set as "secure" and the remote ttys are not "secure". If you were to set all the remote ttys to secure, they would allow root logins. Type "man 5 ttys" for more information.

NOW, this is a bad idea. This means that ANYONE who is able to telnet to this machine could possibly hack root. Using SU at the very least should be used because this restricts root access to those accounts that are in the group, wheel. This provides several other barriers to the hacker who would try and login as root.

#1 They cannot just keep attempting a root login till they get the passwd.
#2 They do not know what other accounts are on the system, and on top of that, which are in group wheel.
#3 They don't know the passwords to these accounts.

By using just SU you add these 3 layers of difficulty to the potential root hacker.

By using SSH (which I personally like but may be bordering a little on paranoia) you are also encrypting all of the data between yourself and the remote machine, protecting you from someone who may be on the link between your machine and the remote machine from sniffing your password (which is sent in plain text). Although I believe there is actually a low probability of this happening, since most shells still use telnet as their default point of access.

Just my 2 cents,

/* Christopher Michaels - SSG
   ChrisMic@sbservices.com */

> ----Original Message-----
> From: Dan Langille [SMTP:junkmale@xtra.co.nz]
> Sent: Thursday, November 05, 1998 2:41 PM
> To: warchild@freenet.hut.fi
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: root login remotely
>
> On 5 Nov 98, at 19:26, Sampsa Kostia wrote:
>
> > What do I have to do to enable the possibility that
> > root could login from another site than local, via telnet.
>
> I've been told that, for security reasons, root is not allowed to login
> remotely. What you can do is use the super user command. su. Login as a
> regular user, who must be a member of the wheel group. Then type su,
> supply the root password, and you're effectively root.
>
> Note: you should consider using a secure shell, such as ssh, for all
> remote logins. Normal shells send all text, including passwords and login
> ids, in clear text.
>
> --
> Dan Langille
> The FreeBSD Diary
> http://www.FreeBSDDiary.com/freebsd

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
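
An audit for the /etc/ttys setting discussed in the message above, as an added example that is not part of the original e-mail or of FreeBSD. It assumes remote pseudo-terminals carry the terminal type `network`, as in a stock FreeBSD /etc/ttys of that era; the sample file contents and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in ttys(5) layout: name, getty command, terminal type, flags.
SAMPLE_TTYS = '''\
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
ttyd0   "/usr/libexec/getty std.9600"   dialup  off secure
ttyp0   none                            network
ttyp1   none                            network secure   # misconfigured
ttyp2   none                            network off insecure
'''


def parse_ttys(text):
    """Yield (name, command, term_type, flags) for every entry in a ttys file."""
    for line in text.splitlines():
        # shlex drops '#' comments and keeps a quoted getty command as one field.
        fields = shlex.split(line, comments=True)
        if len(fields) < 3:
            continue  # blank line, comment-only line, or malformed entry
        name, command, term_type, *flags = fields
        yield name, command, term_type, set(flags)


def root_capable_remote_ttys(text, remote_types=("network",)):
    """Return the remote ttys whose entry carries the 'secure' flag.

    Flags are compared as whole tokens, so 'insecure' is never mistaken
    for 'secure' the way a substring search (plain grep) would.
    """
    return [
        name
        for name, _command, term_type, flags in parse_ttys(text)
        if term_type in remote_types and "secure" in flags
    ]


if __name__ == "__main__":
    # To audit a real host, pass open("/etc/ttys").read() instead of the sample.
    for tty in root_capable_remote_ttys(SAMPLE_TTYS):
        print(f"{tty}: remote tty marked secure, direct root login is allowed")
```
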