> On Mon Jan 18 1999 at 21:52, [EMAIL PROTECTED] wrote:
>
> > I was wondering, why it is that in redhat linux you cannot
> do a telnet login
> > directly as root. what would make it so that you cannot
> log in as root
> > directly on telnet ? I am very curious to see how this
> mechanism works, i f
> > anyone has any suggestions .. thanx in advance
>
> It's a security issue. Any privileged login from anywhere other than
> the local console is a high security risk.
What if you don't have local access to your own box?
> The way this should be done is to telnet in as an ordinary user, then
> su to root from there.
How is that any more secure than than logging in as root to begin with?
> It is possible to connect directly as root from a network connection
> with ssh, but that's another issue.
99% of system crackers never log in directly as root anyway. Rather they log
in as a non-privilaged user and go from there.
Don't get me wrong, I've always made it prudent to not log in as root
directly, but I'm really curious as to why this would be such a bad thing?
What is the major security risk in logging in directly or logging in as a
non-privilaged user and then su-ing?
---
Aaron Blair
Newave Technologies Inc. - http://www.newave.net
"How could this be a problem in a country where we have Intel and
Microsoft?" - Al Gore on Y2K
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
