On Wed, Jan 17, 2001 at 02:22:06PM -0500, Dean Staff <[EMAIL PROTECTED]> wrote:
> [...]
> I had the same problem (not really a problem, more of an issue) as
> everyone else with trying to telnet in as root. But, seeing as how I
> write the Security Watch column for "Maximum Linux", I tend to agree
> with Gordon and the other e-smith developers, that forcing
> administrators to use SSH to remote login as root is a good thing.
Yep - My issue is that providing telnet as "root" for the local
network means allowing telnet as "root" for the external network if
public telnet is enabled.
Which I class as a problem...anyway, we are looking into this. Hoopy
things may be able to be done with the "twist" equivalent in xinetd,
but not for 4.1...
> That said, why don't you do the same with "admin" after all root and
> admin use the same password.
> [.../]
Quite true, and we have talked about this. Doing so requires
configuration and testing of PAM as well (and checking that everything
adheres properly to the PAM settings), whereas disabling root is built
into SSH and telnet.
However, most users want to administer e-smith via the console/web
browser, and so most people need, and want, admin access, which does
not include a command-line.
Gordon
--
Gordon Rowell [EMAIL PROTECTED]
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 564 8000 ext. 4378 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
