Bugtraq mailing list archives

Re: RH Linux telnet problems


From: dalvenjah () DAL NET (Dalvenjah FoxFire)
Date: Thu, 15 Apr 1999 12:31:11 -0700


On Thu, Apr 15, 1999 at 03:30:02AM -0800, Rui Ribeiro put this into my mailbox:

> Today, when trying to log into a machine, I mistakenly used telnet over
> ssh. True, the RH 5.2 box is configured for not allowing root login. The
> only problem is that it still asks for the password after learning root
> is logging. It denied access only after the password was introduced.
>
> It should issue an error and not ask for the password, since otherwise
> it's defeating the whole purpose of denying root telnet access. The
> purpose, of course, is preventing the raw transmission over the
> communication media.

No, the purpose is to prevent someone who has the root password but not
a normal account password from logging into the machine as root directly.
While it's not a great layer of security, it does mean that the cracker
has to sniff/crack two passwords instead of just one to gain root access.

This is the same reason that most sane '/bin/su' programs require the
person doing '/bin/su -' to root to be in the 'root' or 'wheel' group.

These sorts of restrictions were in place long before ssh or kerberos were
released.

-dalvenjah

--
 Dalvenjah FoxFire (aka Sven Nielsen)  "Command new weapons like dragons,
 Founder, the DALnet IRC Network       griffins, and eleven [sic] archers."
                                             -MacMall WarCraft II ad
 e-mail: dalvenjah () dal net             WWW: http://www.dal.net/~dalvenjah/
 whois: SN90                           Try DALnet! http://www.dal.net/


