I SSH into the box all the time. The problem would become manifest if I try
to have an automation task from OS/390 logon and attempt to do anything. I
don't have SSH available on OS/390 2.10. Is there a version of z/OS where I
can do something SSH-like instead of telnet, or are we still stuck with the
not quite satisfactory OpenSSH thing?

And for anyone who is interested, I was aware that runlevel 1 would take
the network down, which is why I didn't want to do it that way. I may look
at the other 'unused' runlevels and tailor something appropriate. I hope to
GOD that Veritas comes out with their Linux 390 client soon. We are going
to Veritas for Wintel, so we could easily integrate that.




From:     Adam Thornton <[EMAIL PROTECTED]DU>
Sent by:  Linux on 390 Port <[EMAIL PROTECTED]IST.EDU>
Date:     06/27/2003 11:26 AM
Please respond to Linux on 390 Port

To:       [EMAIL PROTECTED]
cc:
Subject:  Re: Changing runlevels etc




On Fri, 2003-06-27 at 11:18, James Tison wrote:
> If you're LPAR'd and you're tcp wrappered, all you should need
> to do is set hosts.allow & hosts.deny properly to only allow
> YOUR client in (most PAMs won't permit telnet as root, but
> nothing's stopping you from su'ing to root after you've telnet'd
> in), effectively making you single-user. You're going to need
> to manually (or by runlevel script) shut down all the possible
> fs users: sshd, httpd, etc until your backups are done. Then
> just do the inverse when you're done: unset hosts.* and bring
> all the services back up.

GAAAAH!

If you're *running* sshd, then SSH into the box.  *DON'T* telnet and
then su!  You're sending the root password over the wire in cleartext if
you do that.  That's WHY you can't telnet in as root!

Adam
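
The hosts.allow / hosts.deny step from the quoted advice, with the admin coming in over SSH as the reply insists, as an added example that is not from either poster. It covers only the tcp_wrappers files, not stopping services. ETC_DIR, the function names and the sample address are assumptions, and sshd must be built with tcp_wrappers (libwrap) support for these files to apply to it.

```shell
#!/bin/sh
# Added example: tcp_wrappers lockdown for a backup window.
# ETC_DIR and the function names are illustrative assumptions.
ETC_DIR="${ETC_DIR:-/etc}"

# lockdown ADMIN_IP: save the current rules, then admit only sshd
# connections from ADMIN_IP. Sessions already open are not affected;
# tcp_wrappers only gates new connections.
lockdown() {
    admin_ip="$1"
    # Accept only digits and dots so no wildcard (ALL) or hostname slips in.
    case "$admin_ip" in
        ''|*[!0-9.]*) echo "bad admin address: $admin_ip" >&2; return 1 ;;
    esac
    # Refuse to run twice: a second run would overwrite the saved rules.
    for f in hosts.allow hosts.deny; do
        if [ -e "$ETC_DIR/$f.prebackup" ]; then
            echo "already locked down ($f.prebackup exists)" >&2
            return 1
        fi
    done
    for f in hosts.allow hosts.deny; do
        if [ ! -e "$ETC_DIR/$f" ]; then : > "$ETC_DIR/$f"; fi
        cp -p "$ETC_DIR/$f" "$ETC_DIR/$f.prebackup" || return 1
    done
    # Write the allow rule first so the admin is never locked out
    # between the two writes. No in.telnetd entry: root access is via SSH.
    printf 'sshd: %s\n' "$admin_ip" > "$ETC_DIR/hosts.allow" || return 1
    printf 'ALL: ALL\n' > "$ETC_DIR/hosts.deny" || return 1
}

# restore: put the saved rules back after the backup has finished.
restore() {
    for f in hosts.allow hosts.deny; do
        if [ ! -e "$ETC_DIR/$f.prebackup" ]; then
            echo "no saved copy of $f" >&2
            return 1
        fi
    done
    for f in hosts.allow hosts.deny; do
        mv "$ETC_DIR/$f.prebackup" "$ETC_DIR/$f" || return 1
    done
}
```

Run `lockdown` with the admin client's address before the backup and `restore` afterwards.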
