|
-
March 27th, 2002, 08:38 PM
#11
Well first of all loging in as root over telnet isn't going to happen because telnet won't allow for root connections. Second of all telnet is all in plain text and not encrypted at all. Secure Shell on the other hand will allow for root login unless taken out of the ssh config file. But by default it will allow for root logons its alot safer then telnet because its encrypted at 128 bit (i could be wrong on this one) But i would still highly advise that you login in as root only if you need to else things seemed to get screwed up way to fast! 
-
March 27th, 2002, 08:52 PM
#12
else things seemed to get screwed up way to fast!
Agree with you on that one, linuxcommando.
-
March 27th, 2002, 09:11 PM
#13
uh linuxcommando, if you were such a commando you would know that root logins through telnet are possible.
-
March 27th, 2002, 09:48 PM
#14
You can change the /etc/securetty (spelling?) file to determine how root can log in. I disallow all root logins. I am the only admin, and I still require myself to su to root. If, by some chance, someone somehow gets the root password, they can't login directly, and the su would be noticeable. Especially since none of the users here know how to use *nix. 
Also, by forcing myself to su, it guarantees that I want to be root. I actually have to login twice to do something, so I force myself to think about what I am doing before I really screw something up.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
March 28th, 2002, 05:27 AM
#15
Member
Originally posted here by celfie
su provides cryptographically secured authentication. which protects from tcp hijacking and spoofing. and sniffing.
If the remote user, connects to the terminal without SSH etc. su will not provide any protection against sniffers.
 
-
March 28th, 2002, 06:22 AM
#16
You can change the /etc/securetty (spelling?) file to determine how root can log in. I disallow all root logins. I am the only admin, and I still require myself to su to root. If, by some chance, someone somehow gets the root password, they can't login directly, and the su would be noticeable. Especially since none of the users here know how to use *nix.
souleman is right. Edit your /etc/securetty file (yes that is the correct spelling) and comment out all the ttyx lines to disallow root logins. For example:
#tty1
#tty2
#tty3
#tty4
#tty5
#tty6
#tty7
#tty8
This mean no-one can login as root. They have to su -. FTP also has it's own files to stop logins from certain accounts. Use /etc/ftpusers to specify which accounts can't login to ftp (eg root, mail...). This has been deprecated for newer versions of linux/ftp. In this case use /etc/ftpaccess to specify the system accounts.
OpenBSD - The proactively secure operating system.
-
March 28th, 2002, 02:28 PM
#17
Senior Member
Thanks for the help guy's i too was wonderin about remote root as i am a self connfessed [pong] newbie [/pong]
[pong][gloworange]665[/gloworange] Next door to the [glowpurple]devil[/glowpurple][/pong]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
