Robert Schelander wrote:
>
> Does anyone know how to configure the system that root can
> only telnet from local ethernet and not via the ham interfaces.
> It should still be possible for any ham to use telnet with his
> username.
>
I'm taking a different approach. But it involves an additional PC
though.
I've disabled normal telnet access completely for the main server
(pi8zaa). To login to this machine as root I use ssh.
Then I've added a second PC (an old 486SX) with hostname sys2.pi8zaa.
Users can login (with telnet, ftp, or plain AX.25) to this machine only.
The home directory is nfs exported.
The main server (FBB, apache, and public ftp) does an nfs mount of the
home directory of sys2.pi8zaa.
Maybe this is not the most clever way of doing things. It certainly
takes up more floor space and results in a higher electricity bill :-)
But that's not an issue for us.
At least it gives me less worries on the security of the main server.
73, Arno pe1icq
