Bugtraq mailing list archives
Re: RH Linux telnet problems
From: JAMESSP () SCE COM (James, Samuel P)
Date: Thu, 15 Apr 1999 10:46:39 -0700
The purpose of denying root telnet access is to prevent brute force attacks on the root password. I would assume any competent admin will be well aware of this behavior and should already know that he can not login as root via telnet. I also would assume any competent admin would disable telnet after installing ssh. Installing ssh and leaving your telnet service running "defeats the purpose" of using ssh to begin with. Software developers can not compensate completely for the stupidity of the admin. Read some system administration books, what is the one thing they all have in common? DONT USE ROOT and if you do, do it only for a damn good reason, and for ONLY that reason. IMHO logging in as root from ssh is no better then logging in as root via telnet. You just shouldn't do it. One last thing, id rather have a would be cracker spending days trying to compromise a disabled root telnet login than finding out the first try and moving to the next account. Just my 2 cents Sam James
---------- From: Rui Ribeiro[SMTP:ruka () MY-DEJANEWS COM] Sent: Thursday, April 15, 1999 4:30 AM To: BUGTRAQ () netspace org Subject: RH Linux telnet problems Today, when trying to log into a machine, I mistakenly used telnet over ssh. True, the RH 5.2 box is configured for not allowing root login. The only problem is that is still asks for the password after learning root is logging. It denied access only after the password was introduced. It should issue a error and not ask for the password, since otherwise it's defeating the whole purpose of denying root telnet access. The purpose, of course, it's preventing the raw transmission over the communication media. Regards, Rui --- Rui Fernando Ferreira Ribeiro IT Consultant CASE -----== Sent via Deja News, The Discussion Network ==----- http://www.dejanews.com/ Easy access to 50,000+ discussion forums
Current thread:
- Re: RH Linux telnet problems James, Samuel P (Apr 15)
- <Possible follow-ups>
- Re: RH Linux telnet problems Alessandro Rubini (Apr 15)
- Re: RH Linux telnet problems Dalvenjah FoxFire (Apr 15)
- Re: RH Linux telnet problems Jamie Lawrence (Apr 15)
- Re: RH Linux telnet problems John D. Hardin (Apr 15)