On Fri, 2003-06-27 at 11:18, James Tison wrote: > If you're LPAR'd and you're tcp wrappered, all you should need > to do is set hosts.allow & hosts.deny properly to only allow > YOUR client in (most PAMs won't permit telnet as root, but > nothing's stopping you from su'ing to root after you've telnet'd > in), effectively making you single-user. You're going to need > to manually (or by runlevel script) shut down all the possible > fs users: sshd, httpd, etc until your backups are done. Then > just do the inverse when you're done: unset hosts.* and bring > all the services back up.
GAAAAH! If you're *running* sshd, then SSH into the box. *DON'T* telnet and then su! You're sending the root password over the wire in cleartext if you do that. That's WHY you can't telnet in as root! Adam
