Re: SSH logins only
From: Mario Stargard (mstargard_at_myprivacy.ca)
Date: 02/15/05
- In reply to: TCH: "Re: SSH logins only"
Date: Mon, 14 Feb 2005 21:39:24 -0500
TCH wrote:
> It's the /etc/securettys file of course.....
> "TCH" <noggood1@nogood.com> wrote in message
> news:420f1c90$0$503$626a14ce@news.free.fr...
>
>>Try to edit this file:
>>
>>#cat securettys
>>
>>/dev/console
>>local:0
>>:0
>>
>>And set sshd option "permit root login" to yes (the default one I suppose)
>>+ restart sshd
>>
>>"Jack Patteeuw" <jjpatteeuw@earthlink.nospamme> wrote in message
>>news:LrpPd.10017$oO.4010@newsread2.news.atl.earthlink.net...
>>
>>>On Tru64 V5.1B, how do I limit remote root logins to SSH (PuTTY) logins
>>>ONLY ! (i.e. no telnet, no rsh, no rexec, no remote anything)
>>
>>
>
>
If the ptys aren't trusted, I don't think you'll be able to actually
log in. You can pass commands to ssh; even /bin/sh. But actually
logging in won't work, unless the stock sshd is different than the one I
compiled.

One should disallow all telnet sessions, even if root can only log in
using ssh. This is because the attempt at logging in as root using
telnet will be passed over the network in the clear.

If you have regular users using telnet, then restricting root to only
use ssh isn't going to do much for the security posture, in my opinion.
Regular accounts with clear passwords on the wire are a threat because
many exploits require you to start with regular user privileges.

If you are forced to use telnet, look at other options like IPsec.

Mario
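
An audit sketch for the setup discussed in this thread, added here as an example and not part of any poster's message: it flags telnet, rsh, rlogin and rexec entries still enabled in an inetd.conf-style file and any securettys entry beyond the three local ones quoted above. The function names, the file paths passed as arguments and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two files discussed above.
# inetd.conf service names for telnet, rsh (shell), rlogin (login), rexec (exec).
CLEARTEXT="telnet shell login exec"

# List cleartext services still enabled (uncommented) in an inetd.conf-style file.
enabled_cleartext() {
    awk -v list="$CLEARTEXT" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) bad[s[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        ($1 in bad) { print $1 }
    ' "$1" | sort -u
}

# List securettys entries other than the three local ones quoted in the thread.
extra_ttys() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         $1 != "/dev/console" && $1 != "local:0" && $1 != ":0" { print $1 }' "$1"
}

# Return 0 only when no cleartext service is enabled and securettys is local-only.
audit() {
    rc=0
    for svc in $(enabled_cleartext "$1"); do
        echo "FAIL: $svc enabled in $1 (logins cross the network in the clear)"
        rc=1
    done
    for tty in $(extra_ttys "$2"); do
        echo "FAIL: $tty listed in $2 (root trusted beyond the local console)"
        rc=1
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: no cleartext services enabled, securettys is local-only"
    fi
    return "$rc"
}

# Constructed sample input, not taken from a real host.
SAMPLE=$(mktemp -d)
printf '%s\n' \
    'time   stream tcp nowait root internal' \
    'telnet stream tcp nowait root /usr/sbin/telnetd telnetd' \
    '#shell stream tcp nowait root /usr/sbin/rshd    rshd' \
    'exec   stream tcp nowait root /usr/sbin/rexecd  rexecd' > "$SAMPLE/inetd.conf"
printf '%s\n' '/dev/console' 'local:0' ':0' 'ptys' > "$SAMPLE/securettys"

audit "$SAMPLE/inetd.conf" "$SAMPLE/securettys" || echo "audit found problems"
```

On a real host, call `audit` with the system's own inetd.conf and securettys paths; the sshd root-login setting mentioned in the thread is not checked here.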