https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197372#M10066 Just wanted to add 2 cents to the security thread here. I don't see how logging in with telnet as userx and running "su - root" is more secure than logging in directly as root. Someone snooping your network is going to get your passwords regardless. Fri, 20 Feb 2004 13:39:27 GMT Paul Cross_1 2004-02-20T13:39:27Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197365#M10059 In our system , the root can't login directly , it can only login as gerenal user then "su" to root , how to make the root user can login directly ? thx. Fri, 20 Feb 2004 01:06:02 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197365#M10059 peterchu 2004-02-20T01:06:02Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197366#M10060 Remove /etc/securetty or add all the terminals that you want root to be able to log in from.<BR /> <BR />This file contains a list of terminals root can log on to. Fri, 20 Feb 2004 02:44:45 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197366#M10060 Mark Grant 2004-02-20T02:44:45Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197367#M10061 thx reply , for the second method , I want my pc can login as root through the telnet function , what terminaal that I should add to ? thx. Fri, 20 Feb 2004 02:54:24 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197367#M10061 peterchu 2004-02-20T02:54:24Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197368#M10062 This might get a bit irritating for you and isn't particularly secure but you have to add all the "pseudo" tty's that you are likely to use. If you only have a few users then it's not so bad though.<BR /><BR />You could start off by adding these<BR /> <BR />pts/0<BR />pts/1<BR />pts/2<BR />pts/3<BR />pts/4<BR />pts/5<BR />pts/6<BR />pts/7<BR /> <BR />If you find you run out and you can't log in, just add more of them.<BR /> <BR />To find out what tty you are currently using run "tty". However, you may well get a different pseudo tty each time you connect. You just have to add all of the ones you are likely to use.<BR /> Fri, 20 Feb 2004 03:01:34 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197368#M10062 Mark Grant 2004-02-20T03:01:34Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197369#M10063 Don't do this. This is not at all advised. <BR /><BR />edit /etc/securetty and add<BR />pts/0<BR />pts/1<BR /><BR /><BR /> Fri, 20 Feb 2004 04:43:53 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197369#M10063 PVR 2004-02-20T04:43:53Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197370#M10064 This si an extra layer of security. Please bear with this it will help you if somebody will play with your system.<BR /><BR />even if you want to login as root from PC put the entries in /etc/securtty file.<BR /><BR /><BR />Sunil Fri, 20 Feb 2004 04:48:11 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197370#M10064 Sunil Sharma_1 2004-02-20T04:48:11Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197371#M10065 I'd go with Mark Grant's advise rather than PVR's since if (for example) you use X and open a terminals there - then each terminal would occupy respective /dev/ptsX and you may simply run out of the permitted terminals .To see who's logged and where use the w command.<BR />As for security -since you do enable telnet not to mention for root-I understand that the security is not the issue here. Fri, 20 Feb 2004 08:03:24 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197371#M10065 Alexander Chuzhoy 2004-02-20T08:03:24Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197372#M10066 Just wanted to add 2 cents to the security thread here. I don't see how logging in with telnet as userx and running "su - root" is more secure than logging in directly as root. Someone snooping your network is going to get your passwords regardless. Fri, 20 Feb 2004 13:39:27 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197372#M10066 Paul Cross_1 2004-02-20T13:39:27Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197373#M10067 If you use SSH<BR /><BR />/etc/ssh/sshd_config<BR /> PermitRootLogin yes Fri, 20 Feb 2004 14:36:58 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197373#M10067 Olivier Drouin 2004-02-20T14:36:58Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197374#M10068 You really should have a look at ssh for root logins. It gives you all that telnet does, but since the password is sent encrypted it is much more secure.<BR /><BR />Basic usage: ssh root@<MY host="" here=""><BR /><BR />Greetings, Martin</MY> Fri, 20 Feb 2004 21:22:21 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197374#M10068 Martin P.J. Zinser 2004-02-20T21:22:21Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197375#M10069 pcross --<BR /><BR />Requiring an "su" keeps somebody from brute-forcing the root password remotely. You're right that if they eavesdrop the connection that they get it either way. But with root-enabled telnet it's possible for an attacker to keep trying root passwords forever across the network and eventually they'll get in.<BR /><BR />So disabling root access from telnet (or ssh for that matter) adds at least one more step somebody has to go through to own the system.<BR /> Fri, 20 Feb 2004 22:09:30 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197375#M10069 Mark Travis 2004-02-20T22:09:30Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197376#M10070 hi there,<BR /><BR />i suggest you use ssh... <BR />ssh [ip add] you can remote log in as root directly and offers security as well.<BR /><BR />rgds,<BR />Bong Sat, 21 Feb 2004 08:57:55 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197376#M10070 bong_3 2004-02-21T08:57:55Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197377#M10071 Mark Travis:<BR />But is ssh really any different? I could sit and type root passwds for root-enabled ssh until my fingers are nubs. Mon, 23 Feb 2004 13:14:33 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197377#M10071 Paul Cross_1 2004-02-23T13:14:33Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197378#M10072 Many responders have missed the point of having an /etc/securetty file. Logging in as root using telnet, remsh or rsh does not leave an audit trail. However, if you log into a private user, and use the su command, this is logged in the syslog file. This is part and parcel of any reasonably secure system. In a shop where multiple people have the root account, merely looking at this log tells you who actually was on the system when it was screwed up. <BR />As a rule, secure shell is a superior way to go, as it also writes logs, but if its configured properly will not challenge for a password, yet still be secure.<BR /><BR /><BR />Chris Mon, 23 Feb 2004 17:39:05 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197378#M10072 Chris Vail 2004-02-23T17:39:05Z https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197379#M10073 Hello,<BR /><BR />also to note, there is a root on every unix system I ever worked on, so this is a known good account to attack. Throwing in a "normal" user account in between means one more thing to guess for an outside attacker (does not help against internals though).<BR /><BR />Greetings, Martin Mon, 23 Feb 2004 21:40:38 GMT https://community.hpe.com/t5/operating-system-linux/login-as-root/m-p/3197379#M10073 Martin P.J. Zinser 2004-02-23T21:40:38Z