Verious 2 is current. > > This is a multi-part message in MIME format... > > ------------=_1000332475-7607-3198 > Content-type: text/plain; charset=us-ascii > Content-Disposition: inline > > > What Mr. Vetters explains on his mail is very true. > > You should always try to use ssh and sftp (and in general any s-flavor comm > program). > > This comment applies if you are working on the Internet, but if you are on > a private network, behind a firewall, you could use the unsecure flavors. > In any case you should not enable root access to telnet or ftp. su-ing like > Mr. Bart Vetters has stated is insecure if you suspect that you have > someone in your network that wants your root password really bad, as it is > very easy to write a sniffing or spoofing program (even though sequence > cracking on Linux is more difficult than NT it is still vulnerable). > Spoofing is very hard to eliminate so you should try to shut off any rpc > (or alike) services. > Nevertheless, as stated before if you are on your own little private > network don't bother with all of this stuff, but you should be very > carefull if you are exposed to the Internet or there are malintentioned > users on your LAN. > > There is an excelent book (there are many!) on Linux Security called > MAXIMUM Linux Security from SAMS - ISBN 0-672-32134-3 > Everyone should have a copy. It's very easy to read and precise. A must > have for exposed machines. > > Saludos, > Alejandro Imass > > And no, I don't work for SAMS press ;-] > > > > > > > > Bart Vetters <[EMAIL PROTECTED]> on 12/09/2001 04:51:47 PM > > Please respond to Bart Vetters <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > cc: (bcc: Alejandro Imass/MPR de Venezuela S.A.) > Subject: Re: [expert] Cannot telnet or FTP in as root > > > > > Hi, > > logging in as root over telnet or ftp is disabled by default. This is done > for security reasons, as both these protocols transmit data (including > passwords) in clear text over the network and it is trivial to collect > passwords from a telnet or ftp stream. Please note that logging in as a > user and then su'ing to root, as several people suggested, does not help in > any way - you're still typing root's password over an unencrypted > connection. > > The way root is kept from logging in via an insecure terminal (or > pseudo-terminal, as in telnet or ftp) is that /bin/login checks for the > presence of a file /etc/securetty that lists the terminals root is allowed > to log in on. If /etc/securetty is not present, root can log in via every > terminal. If it is present and empty, root can not log in anywhere except > the console. If any terminals are listed in the file, root can log in via > those and the console. The manpage on login has more information. > > So, if you want to live dangerously, remove /etc/securetty and root can log > in from anywhere. In the real world, use ssh. :) > > CU > > Bart > > -- > ---------------------------------------------- > Bart Vetters | [EMAIL PROTECTED] > KMI - IRM | Tel.: +32.2.373.04.77 > Ringlaan 3 | Fax.: +32.2.373.06.57 > 1180 Brussel | Pubkey ID: C182DF19 > ---------------------------------------------- > > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > > > > > > > > > > ------------=_1000332475-7607-3198 > Content-Type: text/plain; name="message.footer" > Content-Disposition: inline; filename="message.footer" > Content-Transfer-Encoding: 8bit > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > > ------------=_1000332475-7607-3198-- >
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
