Guys, it's the same old mantra every time folks want to turn this back on...
"Don't do it... do yourself a favor and use ssh... you don't want to do
that."
etc.
While I applaud folks telling everyone there is a better alternative for 95%
of the folks who need to turn it on (and yes, Openssh is a better
alternative!)
there are occasional REAL requirements to having this turned on. For
example, I have
a requirement that I be able to rsh to root on a local machine. Now, that's
as
insecure as you can get.... the machine is wide open to anyone with any
skill. BUT....
1) the machine is on an internal private network, in a locked vault.
2) you have to be physically located on one of three other machines
to be able to access that network.
3) all three of those OTHER machines are also in the same locked vault,
with one of them being further in a locked room in the locked vault. Only
two keys exist to that room... I wear one around my neck.
4) the locked vault is in a building that has restricted access to begin
with,
with a guard (notice the email address I'm writing from).
5) the only exception to the hierarchy of getting into that machine is
through
one of our supercomputers which is on the same network; it can be accessed
externally
from a different network which uses special encryption. Oh, and that
machine
doesn't do routing... to get to the Linux box in question, you have to
already
have compromised my most secure system, with a different OS, first, but you
can only do that by compromising an encrypted network, which can only be
done at special facilities.... i.e., it's not going to happen. And even
if it did, there is nothing of value on THAT machine... it's used as a
terminal
to the supercomputer.
Why do I need to have root rsh access? Because I do a SAN backup of my
machines...
and the software chosen was Veritas Netbackup, which has a weird quirk with
RH6.2 in my particular implementation...
Openssh doesn't work for this properly for various reasons; logging in as
a different user and su'ing is fine for sysadmin duties, but doesn't work
for automated logins... so my choice is to modify my config files to
allow root logins.
Bill Ward
-----Original Message-----
From: Vidiot [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 06, 2001 10:28 AM
To: [EMAIL PROTECTED]
Subject: Re: root remote login
Jerry posted:
>Red Hat told me that logging in remotely as root had been turned off in RH
>6.2 for security reasons. Anyone know where the file is to turn it back
on?
Do yourself a big favor and do not attempt to turn on root login from
anywhere
other than the console. Otherwise you will create the biggest security hole
around.
As pointed out, log in as a regular user and then "su -" to root.
MB
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
