Re: telnet acces for root ?
On Thu, 15 Aug 1996, Ervin D. Walter wrote:
> David J. Evans writes:
> As a general rule, root should only be used for the actual
> administrating commands and not for things like reading email, news,
> etc... So, most people (that I know of) that administer from afar do
> something like the following. Each person that administrates (or just
> you if you like) has a real account that they telnet to. From that
> account they su to root anytime they need to be superuser. That means
> someone must crack your password *and* root's password before they get
> complete access to your system. That is why root login is disabled
> from telnet by default. It is also a good idea to have mail to root
> redirected to your real account so that root never has to read mail
> either.
>
> Good Luck,
> Erv
The flip side of this is that you may prefer to create secure
root passwords, and put appropriate /.rhost entries on these
machines. Otherwise your password is running across the net
for any packet sniffer to slurp.
Of course if your master machine is compromised, then so are the others.
IMHO the login is user then su isn't a viable method unless you are
aslo using some form of secure telnet, or one time keys, or kerberos.
Sherwood Botsford |Unsolicited email that advertises commercial
Physics Dept |activities will consitute a request for
U of Alberta |spellchecking of all words of less than three
Edmonton, AB, |characters. I charge $US500 for this service.
T6G 2J1 |There is no warranty of correctness of this service.
Reply to: