I have recently installed a Linux machine at a remote customer site to serve as a masquerading firewall/router and various other things such as SMTP/POP3 spool, DNS cache, etc. I installed two modems, one for dial-out only to the local ISP and the other which has a simple mgetty listening on it for remote admin. Since I may need to dial in to this machine at unpredictable hours and from unknown places, I can't really use callback verification or time limitations to restrict dial-in access. What I have done is create an /etc/mgetty/login.config file with only the following two lines:
adminname - - /bin/login @ * - - /bin/false I have set a long and (hopefully) secure password on the 'adminname' account. My questions are: <> Is this adequate to protect from random dialers who might stumble on the modem tone and try logging in to this machine? <> Are there any other routine actions like this I should take to protect modem lines like this used only for occasional remote admin? __________________________________________________ Do You Yahoo!? Bid and sell for free at http://auctions.yahoo.com
