Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

root login



On Fri, 20 Aug 1999, Chuck Young wrote:

I agree that in general, it is a good idea to use ssh.  However one must
consider that not all admins/users/environments require this level of
security, and some will simply not function with this level of security.
Typically univerities fall into this category for various
reasons (I noticed the poster's .edu e-mail address so I assume
this is at a university). Unix/Linux is all about choice.

The answer to the question is delete /etc/securetty (not recommended
except for relaxed security sites) or add the names of the pseudo
terminals that you expect to log in from to it.

Now that you know, consider how much security you need, and decide wether
or not you should use ssh, which provides encrypted connections for
accessing machines like a telnet session, and also can forward TCP/IP
connections on random ports over ssh connections. It's a very cool thing.

RPMs for ssh can be had at http://www.replay.com and the source should be
there too, so you can either build it or rpm it.  The rpms are nice and
create host keys for you automatically, too.


> Jim,
> 
> Although you can comment something called securetty (I think) to allow
> non-console root logins, I cannot help but wonder why you would want to do
> such a thing.  I would install ssh and disable telnet altogether.  No, I
> would REMOVE it altogether.  I would ssh to my box and log in as a
> non-priveledged user and then su to root.
> 
> It's pretty secure, it's free and it's easy to do.  If you need
> pointers on how to accomplish this, let us know and we can help.  Is there
> a reason you need to allow root logins remotely?
> 
> I think ssh is the first thing even a newbie should build and install.  It
> gives you a tremendous rush to type a few commands and watch
> autoconfiguration, make and gcc dump all that junk onto the screen.  Once
> you do it on your own, it's fun to show others how easy it is.  I have not
> built 2.x, but 1.2.27 hums right along.
> 
> Perhaps I'm assuming too much and you are doing parallel processing or
> something like that?
> 
> Chuck Young
> GTE Internetworking
> 
> On Fri, 20 Aug 1999, James Dow wrote:
> 
> > Date: Fri, 20 Aug 1999 09:35:47 -0400
> > From: James Dow <jdow at coe.neu.edu>
> > To: BLU DISCUSS <discuss at Blu.Org>
> > Subject: root login
> > 
> > Hello again,
> > 
> > 
> > I was wondering if anyone could tell me how to allow root login away from
> > the console on RH6.0.
> > I know in solaris you can edit /etc/default/login and comment out
> > CONSOLE=/dev/console but I do not
> > know how or if you can in linux. Any help would be greatly appreciated.
> > 
> > 
> > 
> > Thanks
> > 
> > 
> > Jim
> > 
> > -
> > Subcription/unsubscription/info requests: send e-mail with
> > "subscribe", "unsubscribe", or "info" on the first line of the
> > message body to discuss-request at blu.org (Subject line is ignored).
> > 
> 
> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
> 

Derek D. Martin   |  UNIX System Administrator
derek at netria.com  |  dmartin at lancity.com

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org