topic Re: telnet/root in Operating System - Linux

telnet/root

Nobody's Hero — Sat, 26 Jul 2003 22:11:49 GMT

When I login directly into my RH8 system from the console, as root, I have no problem. When I telnet to this system and login as root, it denies me. How can I change this so I can login as root from a telnet session even though I know you should always su to root.

10x
RPM

Re: telnet/root

Steven E. Protter — Sun, 27 Jul 2003 01:52:55 GMT

This is an installation default of Red Hat 8.

Console root login is permitted, telnet root login is not.

The reason for this is because telnet transmits passwords back and forth to the terminal in clear text, even if that person is on the other end of the public internet.

This makes your root password vulnerable.

You really should not change this default. You can use secure shell, PuTTY windows client and do direct login as root.

Now that I've lectured you, here is how to change it, should you wish to compromise security.

There is a file called /etc/securetty

In it is a list of the terminals root is allowed to login on. Add the terminals or psuedo terminals that telnet uses to this file.

Please don't do this.

I will be happy to provide you information on how to do what you wish securely.

Steve "I work for points" Protter
SEP

Re: telnet/root

Balaji N — Sun, 27 Jul 2003 02:01:30 GMT

sorry to jump in. Nice response "I want points" SEP.

But the reason why direct root login is disabled is not because of passwords being transferred over plain text.

Even if he logins in as a normal user and then does a su, the password can be trapped.

the whole idea is that a hacker needs to break in two passwords to get root access on a box. it kind of increases the security, which anyhow was not there.

and ssh is the way to go.

cheers
-balaji

Re: telnet/root

Avinoam — Sun, 27 Jul 2003 04:56:54 GMT

there are 2 ways :

1.
you can edit the /etc/pam.d/rlogin file and comment out the line:

auth required /lib/security/pam_securetty.so

which will disable the use of the securetty file altogether.
( Very much _not_ recommended, but I thought I should mention it )

2.
if you edit /etc/securetty
and add pts[0-f] ( formerly ttyp[0-f] ) you should be able to login as
root via telnet.

Re: telnet/root

Claudio Cilloni — Sun, 27 Jul 2003 11:20:25 GMT

I agree with SEP, using ssh is a good idea. Another useful thing of ssh (at least for me) is that it lets you to remote login without typing password; It does this in a secure way generating a RSA public key stored in the remote machine. I do this in my private (thrusted) network, but not for the root user! Typing root password remebers me one more time that I'm becoming sysadmin.

'man ssh' explains everything.

Ciao
Claudio

Re: telnet/root

Sunil Sharma_1 — Mon, 28 Jul 2003 04:26:27 GMT

Hi,

I am also facing same problem and after taking mantion steps also i am not able to login through telnet.

/etc/pam.d/rloging and /etc/secutty file is attached.
Please look into these files and tell me where i am wrong.

Thansk in advance

Sunil

Re: telnet/root

Balaji N — Mon, 28 Jul 2003 09:22:51 GMT

dont touch ur pam files until u really know what u are doing, else ur probably going to land with a system which doesnt allow u to login.

my bit of caution.
-b-

Re: telnet/root

Caesar_3 — Mon, 28 Jul 2003 19:26:29 GMT

Hello!

If the security doesn't metter to you
you can remove the /etc/securetty
then all would allowed.

Caesar