Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
05-03-2002, 06:49 PM
|
#1
|
LQ Newbie
Registered: May 2002
Posts: 3
Rep:
|
Login thru telnet as root
Can someone tell me if it is possible (if so how) to change the security so that someone telneting to the machine can login as root.
Currently it says that the login is incorrect.
|
|
|
05-03-2002, 08:04 PM
|
#2
|
Member
Registered: Feb 2002
Location: Mission Viejo, California, USA
Distribution: Gentoo
Posts: 707
Rep:
|
Just telnet as a normal user, then use "su" to become root. Careful though, this is insecure. ssh is more secure than telnet.
Last edited by zmedico; 05-03-2002 at 08:06 PM.
|
|
|
05-03-2002, 08:13 PM
|
#3
|
LQ Newbie
Registered: May 2002
Posts: 3
Original Poster
Rep:
|
I could do that but I am trying to do some automation with Perl.
I only need to run one command so I would rather login as root and not have to change users.
Dont want to use SSH as at some point I will need to be able to access other systems that do not support SSH.
|
|
|
05-03-2002, 10:52 PM
|
#4
|
LQ Guru
Registered: Jan 2001
Posts: 24,149
|
i believe you can edit your /etc/securetty file accordingly...
|
|
|
05-04-2002, 07:12 AM
|
#5
|
Moderator
Registered: May 2001
Posts: 29,415
|
...is this what I read between the lines...
I could do that but I am trying to do some automation with Perl. I only need to run one command so I would rather login as root and not have to change users.
Aka "I don't care about compromising security as I'm lazy *and* single minded as well, and would only like to finish this task, so don't stop bothering me and answer my question."
Dont want to use SSH as at some point I will need to be able to access other systems that do not support SSH.
Aka "I think I have an excuse for *not* using SSH, and I don't care how feeble it is and I don't know how to operate SSH."
There is *no* excuse degrading your boxes security by allowing plaintext telnet traffic as user or root, if you are working on a LAN with access to the internet or a LAN that has untrusted users on it, so I urge you to trade telnet access in for SSH. Allowing telnet is a Bad Thing, and allowing root to telnet in opens your boxes up to password guessing for example by brute force attacking.
|
|
|
05-04-2002, 11:11 AM
|
#6
|
Member
Registered: Dec 2001
Location: Kent in UK
Distribution: Fedora 2
Posts: 170
Rep:
|
You can comment out the line in /etc/pam.d containing
pam.securitty.so. The 1st line in RH 7.2 i use.
The use of telnet is frowned on as insecure. If you are not
connecting the compuer to the wide world should be ok
otherwise risky especialy as root!!
|
|
|
05-07-2002, 01:05 PM
|
#7
|
Member
Registered: May 2001
Posts: 125
Rep:
|
Quote:
I only need to run one command so I would rather login as root and not have to change users.
|
First, there are some ways around this. write a script that runs the command then suid it root. This is at least more secure than transmitting your password so the whole world can see it. This can be done in c with about 3 minutes worth of work
|
|
|
05-07-2002, 07:34 PM
|
#8
|
Moderator
Registered: May 2001
Posts: 29,415
|
write a script that runs the command then suid it root.
...ok, so for instance you don't check your input and someone attaches some extra arguments... Sure it won't allow users to fsck up major?
|
|
|
05-07-2002, 07:38 PM
|
#9
|
Senior Member
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
|
just rename the /etc/secruretty to something else like /etc/securetty.old if the /etc/securetty file can't be found, then by default root can log in from anywhere, but i wouldn't recommend doing this too often unless you don't care if your computer is hacked. after all it's your system, you can do with it whatever you want
|
|
|
05-08-2002, 01:25 AM
|
#10
|
Member
Registered: May 2001
Posts: 125
Rep:
|
Quote:
...ok, so for instance you don't check your input and someone attaches some extra arguments... Sure it won't allow users to fsck up major?
|
well, first, its better then telnetting root.
second, you can control the permisions of the script so only a certian user can run it.
i agree its not the best option out there, but its better then the alternitives presented so far.
|
|
|
05-08-2002, 11:42 AM
|
#11
|
Moderator
Registered: May 2001
Posts: 29,415
|
()but its better then the alternitives presented so far.
I disagree. The best alternative, as presented in the 1st reply, is to use *ssh*.
|
|
|
05-09-2002, 01:12 PM
|
#12
|
LQ Newbie
Registered: May 2002
Posts: 3
Original Poster
Rep:
|
Thanks for all the help.
As the machines are in our internal QA lab I have no issues about security. So I went with the option of changing /etc/securetty
|
|
|
All times are GMT -5. The time now is 05:56 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|