On Mar 10, 2007, at 11:16 PM, Wojciech Puchar wrote:

can it be set to make possible to login root to machine through telnet and without telneting to some user and then su -
?

with sshd and rshd it can be set, with telnetd - no success.

once again - can someone answer my question instead of giving very "intelligent" comments?

Not sure. If I'm reading ttys(5) correctly though this is the section of interest:

``secure'' (if ``on'' is also specified) allows users with a uid of 0 to
login on this line. The flag ``dialin'' indicates that a tty entry describes a dialin line, and ``network'' indicates that a tty entry pro- vides a network connection. Either of these strings may also be speci- fied in the terminal type field. The string ``window='' may be followed by a quoted command string which init(8) will execute before starting the
     command specified by the second field.

So I think that the following would be valid (but possibly dangerous if you use other login daemons like rshd, sshd for logging in remotely); that may be fixable with a firewall though and specific rules to each daemon though.

In ttys (near bottom), instead of:

ttyp0 none network

try:

ttyp0 none network on secure

and repeat for the rest of the ttys you wish to enable the option for.

Why not use root login with telnet or standard getty through serial though :\?
-Garrett
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to