Re: losing root access through telnet
I second everything said below. Logging in as root and even remotely su'ing as root
over a telnet connection is a bad idea. Just so you know though, RH Linux 5.x
and greater ships using PAM (Pluggable Authentication Modules) and the default
setting for login uses the securetty module, which means that there should be a
file /etc/securetty that lists the devices from which root can log in. My advice to
you is don't change it, and do get ssh (or some sort of software that provides an
encrypted connection between clients and your host) if you need to remotely
administer the machine. It's just too easy for someone to use a sniffer and see
those plain text passwords.
Hope this helps...james
"Stanislav Malyshev a.k.a Frodo" wrote:
> OA>> hello.
> OA>> I seem to have a problem with telneting to my machine (running RH5.2) -
> OA>> sometime, I think that after I lose connection abruptly (i.e. my modem
> OA>> disconnects with no prior notice) while logged in as root, I seem to lose
> OA>> access to the root account - I always get the 'login incorrect' message.
>
> Did I understand you right that you login as root *VIA TELNET*? Please,
> lookup word "security" in the dictionary. Then:
> 1) never ever use telnet, use ssh
> 2) if 1) impossible, never ever login remotely as root. Login as user and
> then sudo (or su, which is worse). As you should know already, working
> under root is VERY bad, so sudo should suffice.
>
> OA>> other accounts function just fine, and I haven't noticed it happening with
> OA>> any other account - just root.
> OA>> what I usually do next , is reboot the machine (since telnet doesn't allow
> OA>> me to log as root, this means going over to where the machine actually is
> OA>> - which isn't in the next room....).
>
> Just a moment, what stops you from logging in and then "sudo shutdown"?
>
> OA>> BTW - I don't have any probs logging to root locally, even when I can't get
> OA>> root access through telnet. if then I log locally, and telnet to localhost
>
> You don't need it, believe me. Most systems have root telnet access
> disabled by default. I wonder why you crippled your system so that it
> allows you such a foolish thing to do.
>
> OA>> and try to log as root, I still get 'login incorrect' .....
> OA>> any idea why this happens or how to fix it ?
>
> Don't fix what ain't broken. Login as user and then su. And use ssh.
> --
> frodo@sharat.co.il \/ There shall be counsels taken
> Stanislav Malyshev /\ Stronger than Morgul-spells
> phone +972-3-9316425 /\ JRRT LotR.
> http://sharat.co.il/frodo/ whois:!SM8333
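
The securetty setup described in the reply above can be checked with a short script. This is an added example, not part of the original thread: the function names are hypothetical and the sample files are constructed, so on a real host pass /etc/pam.d/login and /etc/securetty instead.

```shell
#!/bin/sh
# Added example: audit whether root login is confined to local devices.
# All sample data below is constructed for illustration.

# Print securetty entries naming pseudo-terminals (what a telnet session
# is given): Unix98 "pts/N" or BSD-style "ttyp0".."ttyef".
network_ttys() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
        LC_ALL=C grep -E '^(pts/[0-9]+|tty[p-za-e][0-9a-f])$'
}

# Succeed if the service file has an uncommented auth line for pam_securetty.
uses_securetty() {
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$1"
}

# $1 = PAM service file for login, $2 = securetty file
audit_root_logins() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "FAIL: cannot read $1 or $2"; return 1; }
    if ! uses_securetty "$1"; then
        echo "FAIL: pam_securetty is not in the auth stack of $1"; return 1
    fi
    if bad=$(network_ttys "$2"); then
        # Unquoted on purpose: joins the matching entries onto one line.
        echo "FAIL: root may log in on network ttys:" $bad; return 1
    fi
    echo "OK: root logins limited to local devices listed in $2"
}

# --- constructed sample data ---
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'auth required /lib/security/pam_securetty.so\n' > "$demo/login"
printf 'auth required /lib/security/pam_pwdb.so shadow nullok\n' >> "$demo/login"
printf '# consoles only\ntty1\ntty2\nttyS0\n' > "$demo/securetty.good"
printf 'tty1\nttyp0\nttyp1\npts/0\n' > "$demo/securetty.bad"

audit_root_logins "$demo/login" "$demo/securetty.good" || true
audit_root_logins "$demo/login" "$demo/securetty.bad" || true
```

A FAIL on the second sample is the configuration the replies warn against: pseudo-terminal entries in securetty let root authenticate over a cleartext telnet session.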