Re: Telnet logins
Alastair Donlon wrote:
>
> On Thu, Feb 24, 2000 at 02:57:41PM -0000, Andrew Basterfield wrote:
> >
> > Also how would I set up telnet to allow root logins #only# from within my
> > private lan subnet 192.168.0.*, seeing as Slackware apparently doesn't ship
> > with ssh?
> >
>
> You should _never_ allow a direct root login from anywhere other than
> the terminal. In the event of a root compromise, if the attacker
> logs in directly as root, then you'll have no way of telling who they
> are. The best way is to force everybody to log in as themselves and
> 'su' to root, or use 'sudo'.
>
Slap me if I'm wrong, since I've only been at this for a while, but am I
not correct in saying that even allowing users to su across a telnet
connection is a bad idea, since passwords are transmitted in the clear,
unlike ssh (which I still haven't set up), where everything is encrypted?
Also I assume most systems will have a similar file to that present on
my RH6.1 box - /etc/securetty which restricts root logins to tty1-6
only.
--
Barrie J. Bremner
Email: TheEnglishman [at] ecosse.net
URL: http://www.geocities.com/thefatenglishman
Telephone: UK 0131 313 3266
Mobile: UK 07968 792975
Quis custodiet ipsos custodes?
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.
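
The /etc/securetty restriction mentioned in the message above can be checked mechanically. The following is an added example, not part of the original post: a POSIX shell check that lists any entry other than tty1 to tty6. The function names and sample file contents are constructed for illustration, and the file format (one terminal name per line without the /dev/ prefix, '#' lines skipped) is an assumption.

```shell
#!/bin/sh
# Added example: audit a securetty-style file for entries beyond the
# local virtual consoles tty1-tty6 named in the post.
# Assumption: one terminal name per line, without the /dev/ prefix;
# blank lines and lines starting with '#' are skipped.

# Print every entry that is not tty1..tty6, one per line.
# A missing or unreadable file is reported as an error (status 2)
# rather than being treated as a clean result.
securetty_extra_entries() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim leading and trailing whitespace before matching.
        entry=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $entry in
            ''|'#'*)  continue ;;   # blank line or comment
            tty[1-6]) continue ;;   # local virtual console
            *)        printf '%s\n' "$entry" ;;
        esac
    done < "$file"
}

# Status 0 when root login is limited to tty1-tty6, 1 when other
# terminals (serial lines, pseudo-terminals used by telnet) are listed.
securetty_is_console_only() {
    extras=$(securetty_extra_entries "$1") || return 2
    [ -z "$extras" ]
}

# Run the check against a constructed sample file.
demo_securetty() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' tty1 tty2 ' tty3 ' \
        ttyp0 pts/0 tty10 > "$tmp"
    securetty_extra_entries "$tmp"
    rm -f "$tmp"
}

demo_securetty
```

Against a real system, call `securetty_is_console_only /etc/securetty` and review whatever `securetty_extra_entries` prints.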