Telnet Login Root.
Kevin Buettner
kev@primenet.com
Thu, 1 Mar 2001 15:00:42 -0700
On Mar 1, 2:11pm, der.hans wrote:
> Am 01. Mar, 2001 schwäzte Sir Edward James William so:
>
> > I want to login remotly and add users through telnet.
> >
> > I can get a telnet connection and login with other user accounts I configed.
> > However I cant, login remotly through telnet as root
>
> Good. Since the advent of ssh (especially OpenSSH) using telnet to login
> is evil. Uninstall the telnet deamon altogether and use ssh
> instead. Telnet leaves data like your passwd in clear text for others to
> sniff. Same with the 'r' services. ssh provides the functionality and
> encrypts everything. It also allows you to securely tunnel x apps back to
> your workstation.
>
> www.OpenSSH.com
>
> ssh is available for many platforms and is also available as a java
> app. Several PDAs have sh capabilities.
First, let me say that I agree with everything that Hans and others
have said regarding the incredible goodness of ssh, the evilness of
telnet, and the supreme evilness of attempting to log in as root via
telnet.
But let's suppose you still want to do it anyway. (Or suppose that
you want to know the answer for purely academic reasons.)
The file that specifies which devices root may log in from is
/etc/securetty. This file lists, one per line, the name of each
device that may host a root login. On my Red Hat 7 box, /etc/securetty
contains lines of the following form:
vc/1
vc/2
...
vc/11
tty1
tty2
..
tty11
My Red Hat 6.2 box contains only the tty* lines. (This is because the
/dev layout is slowly changing with the advent of the 2.4.X kernels.
and Red Hat 7 is 2.4.X-ready.) If you wanted to allow telnet logins,
you would (I think) list the names of the pseudo-terminal devices in
addition to the console devices already listed. (I haven't tried it,
so take my answer with a grain of salt.)
Finally, I'll conclude by reminding you that if your really want to
log in as root, either use the system console or ssh in as yourself
and then su to root. The information I provided above was for purely
academic purposes.
See ``man securetty'' and ``man login'' for more information.
Kevin