HPE Community
Operating System - Linux
1826415 Members
3942 Online
109692 Solutions
New Discussion

Re: Mandrake - root account network login

 
SOLVED
Go to solution
Richard Horton
Advisor

‎09-25-2000 11:09 AM

‎09-25-2000 11:09 AM

Mandrake - root account network login

I need to be able to telent to my linux box and login as root (I do not want to su to root). Everytime I try its says invalid password. I know this has something to do with security. How do I change this so I can login to root on a standard telnet session to my redhat linux 6.1 box?
SCO veteran converting to HP UX
0 Kudos
Reply
7 REPLIES 7
Marco Hernandez_1
Advisor

‎09-25-2000 04:49 PM

‎09-25-2000 04:49 PM

Solution

Re: Mandrake - root account network login

Be sure you have a backup of it in case you want to undo the accion
Hi, It is very simple, just delete this file:

/etc/securetty

and thats all, you will be able to do remote root logins.
Reply
Jason Wohlgemuth_1
Occasional Advisor

‎10-24-2000 08:50 PM

‎10-24-2000 08:50 PM

Re: Mandrake - root account network login

I strongly reccomend not doing this.
There is a reason you su to root. I know it is an annoyance but get used to it.
Reply
Tom Emerson
Advisor

‎10-24-2000 11:39 PM

‎10-24-2000 11:39 PM

Re: Mandrake - root account network login

Generally speaking, most distributions (if not all, by now) do NOT enable the "root" user logon via "telnet". The primary reason being is that the password is sent "in the clear", so if anyone has a means to put a sniffer on your network, they'll have your password the next time you log in.

(it's quite easy with most sniffers nowadays to set a "trigger condition" of "user logged on with root", then watch the next few packets to determine the password -- once set, this little demon waits patiently for "root" to come strolling by...)

That said, even using "su -" via telnet SUFFERS FROM THE SAME FLAW! "telnet" data is sent completely "in the clear", so now all the would-be interloper has to do is "sniff" for the case where "user typed 'su' at a command prompt" and capture the resulting password. Technically no more difficult than the above, but functionally just a little bit more difficult [recognizing that "su" was at a command prompt and not "part of" some other input]

If you REALLY MUST log on as root from a remote location, head on over to openssh and/or ssh.org -- there are free and low-cost versions of the "secure shell" [ssh] that allow "root" logins from remote consoles. Essentially, the "secure" version uses SSL technology to encrypt the data stream, so even if a sniffer is employed, the data stream itself is garbage and (so far) exceptionally difficult to "crack".

[sorry I don't have URLS handy -- but any decent search engine will give you more than you could possibly deal with...]
Reply
Tom Emerson
Advisor

‎10-24-2000 11:40 PM

‎10-24-2000 11:40 PM

Re: Mandrake - root account network login

Generally speaking, most distributions (if not all, by now) do NOT enable the "root" user logon via "telnet". The primary reason being is that the password is sent "in the clear", so if anyone has a means to put a sniffer on your network, they'll have your password the next time you log in.

(it's quite easy with most sniffers nowadays to set a "trigger condition" of "user logged on with root", then watch the next few packets to determine the password -- once set, this little demon waits patiently for "root" to come strolling by...)

That said, even using "su -" via telnet SUFFERS FROM THE SAME FLAW! "telnet" data is sent completely "in the clear", so now all the would-be interloper has to do is "sniff" for the case where "user typed 'su' at a command prompt" and capture the resulting password. Technically no more difficult than the above, but functionally just a little bit more difficult [recognizing that "su" was at a command prompt and not "part of" some other input]

If you REALLY MUST log on as root from a remote location, head on over to openssh and/or ssh.org -- there are free and low-cost versions of the "secure shell" [ssh] that allow "root" logins from remote consoles. Essentially, the "secure" version uses SSL technology to encrypt the data stream, so even if a sniffer is employed, the data stream itself is garbage and (so far) exceptionally difficult to "crack".

[sorry I don't have URLS handy -- but any decent search engine will give you more than you could possibly deal with...]
Reply
Tom Emerson
Advisor

‎10-24-2000 11:40 PM

‎10-24-2000 11:40 PM

Re: Mandrake - root account network login

Generally speaking, most distributions (if not all, by now) do NOT enable the "root" user logon via "telnet". The primary reason being is that the password is sent "in the clear", so if anyone has a means to put a sniffer on your network, they'll have your password the next time you log in.

(it's quite easy with most sniffers nowadays to set a "trigger condition" of "user logged on with root", then watch the next few packets to determine the password -- once set, this little demon waits patiently for "root" to come strolling by...)

That said, even using "su -" via telnet SUFFERS FROM THE SAME FLAW! "telnet" data is sent completely "in the clear", so now all the would-be interloper has to do is "sniff" for the case where "user typed 'su' at a command prompt" and capture the resulting password. Technically no more difficult than the above, but functionally just a little bit more difficult [recognizing that "su" was at a command prompt and not "part of" some other input]

If you REALLY MUST log on as root from a remote location, head on over to openssh and/or ssh.org -- there are free and low-cost versions of the "secure shell" [ssh] that allow "root" logins from remote consoles. Essentially, the "secure" version uses SSL technology to encrypt the data stream, so even if a sniffer is employed, the data stream itself is garbage and (so far) exceptionally difficult to "crack".

[sorry I don't have URLS handy -- but any decent search engine will give you more than you could possibly deal with...]
Reply
Tom Emerson
Advisor

‎10-24-2000 11:40 PM

‎10-24-2000 11:40 PM

Re: Mandrake - root account network login

Generally speaking, most distributions (if not all, by now) do NOT enable the "root" user logon via "telnet". The primary reason being is that the password is sent "in the clear", so if anyone has a means to put a sniffer on your network, they'll have your password the next time you log in.

(it's quite easy with most sniffers nowadays to set a "trigger condition" of "user logged on with root", then watch the next few packets to determine the password -- once set, this little demon waits patiently for "root" to come strolling by...)

That said, even using "su -" via telnet SUFFERS FROM THE SAME FLAW! "telnet" data is sent completely "in the clear", so now all the would-be interloper has to do is "sniff" for the case where "user typed 'su' at a command prompt" and capture the resulting password. Technically no more difficult than the above, but functionally just a little bit more difficult [recognizing that "su" was at a command prompt and not "part of" some other input]

If you REALLY MUST log on as root from a remote location, head on over to openssh and/or ssh.org -- there are free and low-cost versions of the "secure shell" [ssh] that allow "root" logins from remote consoles. Essentially, the "secure" version uses SSL technology to encrypt the data stream, so even if a sniffer is employed, the data stream itself is garbage and (so far) exceptionally difficult to "crack".

[sorry I don't have URLS handy -- but any decent search engine will give you more than you could possibly deal with...]
Reply
Tom Emerson
Advisor

‎10-24-2000 11:42 PM

‎10-24-2000 11:42 PM

Re: Mandrake - root account network login

AAACCCKKK!!! HP's web page is hosed!

(I kept getting some sort of wierd "sendmail failed -- got response of 'we don't relay'" error message) Sorry for the dupes -- I really thought they didn't actually "send"...
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.