[techtalk] Fw: [grrltalk] question about remote root access

Steve Kudlak chromexa at ovis.net
Sat Oct 16 05:50:17 EST 1999


At 04:14 AM 10/16/99 -0400, Wendt,Andrew wrote:
>On Fri, 15 Oct 1999, you wrote:
>
>>> I got a question and since I've dug around all morning with no answer, I
>>> figured I'd ask you folks. :-)
>>>
>>> I guess I've figured out that by default, Redhat (and SGI 1.1), will not let
>>> you log in as root by telnetting into the system.  How do you turn this off?
>>> I know we can just create a 'guest' account and then have folks su into
>>> root, but it would be more convenient if we could just login directly.  I
>>> think it has something to do with the /etc/securetty file, but I'm not sure
>>> how to edit it to allow it.
>
>My system (running SuSE 6.0) has a /etc/login.defs file. In it there's a
>section:
>
># If defined, either full pathname of a file containing device names or
># a ":" delimited list of device names.  Root logins will be allowed only
># upon these devices.
># If you comment out the CONSOLE line completely, root login is possible
># from anywhere.
>#
>CONSOLE         /etc/securetty
>CONSOLE tty1:tty2:tty3:tty4:tty5:tty6:tty7:tty8
>
>If your system is also set up like this, you could just place # signs at the
>start of any lines that say CONSOLE and save the file.
>
>TTFN
>
>************
>techtalk at linuxchix.org   http://www.linuxchix.org
>


My impression is that, if you do this and if you have any connection to the
outside world, use ssh and strong passwording, and you'll be OK. As long as
you encrypt, my impression is you will be OK, as long as it's good strong
encryption. If you have C-2 security, or logging, turn it ON. But if these I
think you said this, something where it is machines in a lab that have no
connection to the outside world in a lab, and YOU TRUST people you'll be OK.

These are my impressions, whenever I sysadmin'd a standard BSD or other
Unix which had C-2, we used strong passwords, and yes I remotely logged in as
me and su'd to root. Sniffers WERE NOT a big concern then (circa 1990). I
did biomed and technical stuff after that but no sysadmin stuff.


					Have Fun,
					Sends Steve

chromexa at ovis.net
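
The CONSOLE setting from the quoted /etc/login.defs excerpt can be audited before and after any edit. The script below is an added example, not part of the original message; the verdict labels, the pts/ttyp heuristic and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the CONSOLE setting
# described in the quoted login.defs comment.

# Print one device per line for every active (uncommented) CONSOLE line.
# A value starting with "/" is read as a file of device names; anything
# else is split on ":". Merging all active lines is a conservative choice.
console_devices() {
    awk '$1 == "CONSOLE" && NF >= 2 { print $2 }' "$1" |
    while IFS= read -r value; do
        case $value in
            /*) if [ -r "$value" ]; then
                    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$value" || true
                fi ;;
            *)  printf '%s\n' "$value" | tr ':' '\n' ;;
        esac
    done
}

# UNRESTRICTED: no active CONSOLE line, so root may log in from anywhere.
# REMOTE: a pseudo-terminal (pts/N or ttypN, assumed here to be what
#         network logins such as telnet are given) is on the list.
# CONSOLE-ONLY: only other devices (e.g. tty1..tty8) are listed.
audit_root_console() {
    if ! awk '$1 == "CONSOLE" && NF >= 2 { f = 1 } END { exit !f }' "$1"; then
        echo UNRESTRICTED
        return 0
    fi
    for dev in $(console_devices "$1"); do
        case $dev in
            pts/*|ttyp*) echo REMOTE; return 0 ;;
        esac
    done
    echo CONSOLE-ONLY
}

# Constructed sample files, modelled on the quoted excerpt.
demo_dir=$(mktemp -d)
printf 'CONSOLE tty1:tty2:tty3:tty4:tty5:tty6:tty7:tty8\n' > "$demo_dir/stock.defs"
printf '#CONSOLE /etc/securetty\n#CONSOLE tty1:tty2\n' > "$demo_dir/commented.defs"
printf 'tty1\n# added later\npts/0\n' > "$demo_dir/securetty"
printf 'CONSOLE %s\n' "$demo_dir/securetty" > "$demo_dir/file.defs"
for f in stock commented file; do
    printf '%s: %s\n' "$f" "$(audit_root_console "$demo_dir/$f.defs")"
done
```

On a real host, pass the path of the system's own login.defs file to audit_root_console; an UNRESTRICTED or REMOTE result is worth recording alongside whatever logging is enabled.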

