Telnet root login
Julian Elischer
julian at elischer.org
Wed Mar 25 17:14:42 PDT 2009
Chuck Robey wrote:
> Julian Elischer wrote:
>> Ian FREISLICH wrote:
>>> Barney Cordoba wrote:
>>>>> Barney, you have to make the network pseudo ttys secure,
>>>>> like:
>>>>>
>>>>> ttyp0 none network secure
>>>>>
>>>>> Ruben
>>>> Yes, the "it's not a good idea" is dependent on whatever other
>>>> security you have in place. Having to log in twice to a test
>>>> machine on a secure internal network is an unnecessary annoyance.
>>>> The concept that every FreeBSD box in existence is publicly accessible
>>>> is one of those ASSumptions that people should leave at the door.
>>>>
>>>> Ruben, the method you cite no longer works in -current as they've
>>>> changed things once again (which happens way too often when your CEOs
>>>> are a bunch of bearded academics :)
>>>>
>>>> I'm not sure if it's the pty (the login terminal shows as pty/0 and no
>>>> longer ttyp0), or if it's some PAM thing. It's rather annoying.
>>>> Such things as
>>>> pty/0 none network secure
>>>> pty0 none network secure
>>>>
>>>> equally don't work. And I see no mention in any document as to how it
>>>> would be achieved with the current
>>> Then use ssh and set "PermitRootLogin yes" in /etc/ssh/sshd_config
>> this doesn't work if you are using a set of machines run from a central
>> machine using nc (netcat) to do scripted i/o through a telnet session on
>> the other machines (for example).
>>
>> The advantage of telnet is you can pipe nc straight into it.
>
> Julian, I don't know nc, but can't you stick keys in your ~/.ssh, then use ssh
> the same way? Doing without passwords, but keeping your security, inside nc? I
> think, at minimum, you could use ssh forwarding, but doesn't nc allow this
> directly? I just hate the idea of killing all the security, and hadn't yet seen
> any (even wildly unlikely) scenario that needs you to do that.
>
> I begin to suspect that there might be a whole lot of folks who aren't aware of
> how to use ssh to eliminate passwords. Security writeups are always too
> complicated, that's a truism.
Oh I know about SSH and keys but the ability to pipe data into a TCP
socket and have it fed into another process is really useful in
testing, and of course no encryption overhead.
>
>>> Ian
>>>
>>> --
>>> Ian Freislich
>>> _______________________________________________
>>> freebsd-current at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>>> To unsubscribe, send any mail to
>>> "freebsd-current-unsubscribe at freebsd.org"
>
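Added example, not part of the original thread: a Python check that lists the network-type entries in an /etc/ttys-style file carrying the "secure" flag, which is what permits root login on that terminal and what the quoted `ttyp0 none network secure` line sets. The sample file and function names are constructed, and the check assumes the third field "network" marks the network pseudo-terminals, as in that line.

```python
import shlex

# Constructed sample in ttys(5) layout: name, getty command, type, flags.
SAMPLE_TTYS = '''\
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
ttyp0   none                            network secure
ttyp1   none                            network
'''


def parse_ttys(text):
    """Yield (lineno, name, getty, type, flags) for each entry line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        # shlex keeps a quoted getty command as one field and drops # comments.
        fields = shlex.split(line, comments=True)
        if len(fields) < 3:
            continue  # blank line, comment, or incomplete entry
        name, getty, ttype, *flags = fields
        yield lineno, name, getty, ttype, [f.lower() for f in flags]


def root_capable_network_ttys(text):
    """Return (lineno, name) for network-type entries flagged secure."""
    return [
        (lineno, name)
        for lineno, name, _getty, ttype, flags in parse_ttys(text)
        # Assumption: type "network" identifies the network pseudo-terminals.
        if ttype == "network" and "secure" in flags
    ]


if __name__ == "__main__":
    for lineno, name in root_capable_network_ttys(SAMPLE_TTYS):
        print(f"line {lineno}: {name} is a network tty marked secure")
```

Running the same function over the contents of a host's real ttys file shows whether any network terminal has been opened to root logins.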