Bugtraq mailing list archives

Re: RH Linux telnet problems


From: JAMESSP () SCE COM (James, Samuel P)
Date: Thu, 15 Apr 1999 10:46:39 -0700


The purpose of denying root telnet access is to prevent brute force attacks
on the root password.
I would assume any competent admin will be well aware of this behavior and
should already know that he cannot log in as root via telnet. I also would
assume any competent admin would disable telnet after installing ssh.
Installing ssh and leaving your telnet service running "defeats the purpose"
of using ssh to begin with.

Software developers cannot compensate completely for the stupidity of the
admin.  Read some system administration books; what is the one thing they
all have in common? DON'T USE ROOT and if you do, do it only for a damn good
reason, and for ONLY that reason.  IMHO logging in as root from ssh is no
better than logging in as root via telnet. You just shouldn't do it.

One last thing, I'd rather have a would-be cracker spending days trying to
compromise a disabled root telnet login than finding out the first try and
moving to the next account.

Just my 2 cents
Sam James

----------
From:         Rui Ribeiro[SMTP:ruka () MY-DEJANEWS COM]
Sent:         Thursday, April 15, 1999 4:30 AM
To:   BUGTRAQ () netspace org
Subject:      RH Linux telnet problems

Today, when trying to log into a machine, I mistakenly used telnet over
ssh. True, the RH 5.2 box is configured for not allowing root login. The
only problem is that it still asks for the password after learning root is
logging in. It denied access only after the password was introduced.

It should issue an error and not ask for the password, since otherwise it's
defeating the whole purpose of denying root telnet access. The purpose, of
course, is preventing the raw transmission over the communication media.

Regards,
Rui

---
Rui Fernando Ferreira Ribeiro
IT Consultant
CASE





