[ale] Telnet for Root

Michael H. Warfield mhw at wittsend.com
Mon Oct 11 10:13:47 EDT 1999


On Mon, Oct 11, 1999 at 09:37:14AM -0500, Malcolm Silberman wrote:
> Any idea why I can't telnet into my server as root? Shadow passwords
> are on. I can telnet as any other user. Thought it may be the client
> (standard win98 telnet application), but then why can I access through
> my other users? Sounds like I am doing something stupid!

	The obvious response is...  Yes, you are.  You are trying to telnet
in as root and that really is stupid.  The answer to your question is
that root access is restricted by /etc/securetty.  After getting hammered
repeatedly over security breaches and screwups, many of the distributions
are restricting direct root login over the network by only having the
virtual consoles in /etc/securetty.  That is why the PPC challenge
people were able to publish the root password to the machine on their
web site and, still, no one was able to break in.

	Why don't you go with a secure alternative to telnet, such as ssh
(or telnets - SSL enabled telnet)?  You really shouldn't be passing your
root password around in the clear on the net!  Ssh works great and is not
that difficult to set up.  It's not in the standard distributions only
because of the dain bramaged US Export regulations regarding cryptography.
With that, you can securely access your system as root and not expose
yourself to sniffers and other nasties.  I don't even ALLOW telnet (or
rsh, or rlogin, or rcp) in any form on my systems.  Ssh just works too
well and the risks are just too great.

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
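
Added example, not part of the original message: a small shell audit for the two points raised above, namely that /etc/securetty should list only local consoles and that telnet, rsh and rlogin should not be enabled. It assumes an inetd-based system with the classic one-tty-per-line securetty format; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit root-login exposure on an inetd-based Linux system.
LC_ALL=C; export LC_ALL    # keep [p-z] an ASCII range in every shell

# List securetty entries that are pseudo-terminals, i.e. network logins.
# pts/N is the Unix98 naming, tty[p-z][0-9a-f] the older BSD naming.
network_ttys() {    # $1: securetty-format file (one tty per line, # comments)
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | while read -r tty; do
        case "$tty" in
            pts/*|tty[p-z][0-9a-f]) echo "$tty" ;;
        esac
    done
}

# List enabled telnet/rsh/rlogin entries in an inetd.conf-format file.
# "shell" is the service name for rsh and rcp, "login" the one for rlogin.
cleartext_services() {
    awk '$1 !~ /^#/ && ($1 == "telnet" || $1 == "shell" || $1 == "login") { print $1 }' "$1"
}

# Report findings; returns 1 if anything was flagged, 0 if clean.
audit() {    # $1: securetty path, $2: inetd.conf path
    rc=0
    for t in $(network_ttys "$1"); do
        echo "root login permitted on network tty: $t"; rc=1
    done
    for s in $(cleartext_services "$2"); do
        echo "cleartext login service enabled: $s"; rc=1
    done
    return $rc
}

# Constructed sample files (not taken from any real host).
write_samples() {    # $1: directory to write into
    cat > "$1/securetty" <<'EOF'
# local consoles
tty1
ttyS0
pts/0
ttyp1
EOF
    cat > "$1/inetd.conf" <<'EOF'
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
EOF
}
demo_dir=$(mktemp -d) && write_samples "$demo_dir"
audit "$demo_dir/securetty" "$demo_dir/inetd.conf" || echo "findings listed above"
```

To check a real host, call audit /etc/securetty /etc/inetd.conf and treat a non-zero exit status as a finding.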





