Bugtraq mailing list archives
Re: RH Linux telnet problems
From: dalvenjah () DAL NET (Dalvenjah FoxFire)
Date: Thu, 15 Apr 1999 12:31:11 -0700
On Thu, Apr 15, 1999 at 03:30:02AM -0800, Rui Ribeiro put this into my mailbox:
Today, when trying to log into a machine, I mistakenly used telnet over ssh. True, the RH 5.2 box is configured for not allowing root login. The only problem is that is still asks for the password after learning root is logging. It denied access only after the password was introduced. It should issue a error and not ask for the password, since otherwise it's defeating the whole purpose of denying root telnet access. The purpose, of course, it's preventing the raw transmission over the communication media.
No, the purpose is to prevent someone who has the root password but not a normal account password from logging into the machine as root directly. While it's not a great layer of security, it does mean that the cracker has to sniff/crack two passwords instead of just one to gain root access. This is the same reason that most sane '/bin/su' programs require the person doing '/bin/su -' to root to be in the 'root' or 'wheel' group. These sort of restrictions were in place long before ssh or kerberos were released. -dalvenjah -- Dalvenjah FoxFire (aka Sven Nielsen) "Command new weapons like dragons, Founder, the DALnet IRC Network griffins, and eleven [sic] archers." -MacMall WarCraft II ad e-mail: dalvenjah () dal net WWW: http://www.dal.net/~dalvenjah/ whois: SN90 Try DALnet! http://www.dal.net/
Current thread:
- Re: RH Linux telnet problems James, Samuel P (Apr 15)
- <Possible follow-ups>
- Re: RH Linux telnet problems Alessandro Rubini (Apr 15)
- Re: RH Linux telnet problems Dalvenjah FoxFire (Apr 15)
- Re: RH Linux telnet problems Jamie Lawrence (Apr 15)
- Re: RH Linux telnet problems John D. Hardin (Apr 15)