Re: Allow root to telnet

[Chris Hilts <chilts@birdbrained.org>]

On Thu, Apr 18, 2002 at 11:28:28AM +0800, Michael Watts wrote:
> Hi,
> 
> I am having trouble with a few services and want to allow root to telnet
> to a Debian 2.2r5 system for testing purposes, but can not find the way
> to allow this to happen.

You really really really do not want to do this.  You don't mention if
the machine in question is on the internet, but regardless it's a bad
idea.  If you really must enable remote access, please consider using
ssh instead. Generally speaking you never want to enable remote root
logins, you should instead have a regular user account log in and then
use su.

> I have had a look through the man pages, and looked into /etc/securetty
> but get stuck there. Do I have to add an entry for telnet to securetty
> to allow root to login that way?

Yes, that is correct. By default /etc/securetty on most distributions
only permits root logins from the console. I don't believe sshd observes
/etc/securetty though, so if you decide to use ssh you'll want to take a
look at the "PermitRootLogin" parameter. (And preferably set it to "no")
 
> Also, how would I allow telnet to accessed on more than one port at a
> time. I may need to allow it on port 23 and 5555(omniback backup
> software port), but can only seem to allow one or the other, not both.
> How can I allow both 23 and 5555 to accept telnet?

A port can only be used by one application at a time. You can't have
telnet and omniback listening to port 5555 together.  There are a lot of
unused ports available, is having telnet listen to, for example, 2222 an
option?

I hope this helps.

Chris Hilts
chilts@birdbrained.org


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org