Re: Telnet logins

[Al Hudson <nospam [at] york.ac.uk>]

On Thu, 24 Feb 2000, Barrie Bremner wrote:
> > You should _never_ allow a direct root login from anywhere other than
> > the terminal. In the event of a root compromise, if the attacker
> > logs in directly as root, then you'll have no way of telling who they
> > are. The best way is to force everybody to log in as themselves and
> > 'su' to root, or use 'sudo'.
> Slap me if I`m wrong, since I`ve only been at this for a while, but am I
> not correct in saying that even allowing users to su across a telnet
> connection is a bad idea, since passwords are transmitted in the clear,
> unlike ssh (which I still haven`t setup), where everything is encrypted.

You're both right, in a sense! I think the root access direct via telnet
is more to do with cracking - yes, certainly, using a su over a user
telnet session would allow sniffing attacks, but it's not anywhere near as
easy as compromising a root user account straight off. At least, NAFAIK.
But yes, at the end of the day, telnet sessions are insecure and should
not be used to administrate systems.

>  Also I assume most systems will have a similar file to that present on
> my RH6.1 box - /etc/securetty which restricts root logins to tty1-6
> only.

I know of people who delete that file. (shudder)

Cheers,

Alex.


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.