Re: Allowing remote root login
On Wed, Oct 15, 2003 at 02:10:56PM -0400, mod wrote: P.S. If you can arrange for my email address to NOT appear in (the bodies of) your responses when broadcast to the world, I'd be much obliged, as I've so far managed to keep it from being harvested for SPAM abusage... I've made a similar request here and on other lists in the past. You will find that a number of people will disregard your request out of hand, and a few think that you are in the wrong to even suggest such a thing... Some people seem to feel that the benefit to the public of quoting your e-mail address is more important than your explicitly stated wish that the public should not have it. A few may even call you stupid or naive for thinking that you can prevent your address from being harvested. Which turns out to be true, since such people will dismiss your request without consideration, causing it to be possible to harvest your address. Oh well. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers.
Re: Allowing remote root login
This will probably start another flame war, but I'm getting upset by people who complain and yet do nothing to help the situation. [Flame mode on] Guys (and gals). This is free and open source. I've taken the initiative to put the mailing lists up. If the servers don't meet your needs, then do one or all of the following: * Start your own list using the list server software of your choice and your own server and ISP. * Fix the bugs (or enhance) the existing list server software (mailman). [Flame mode reduced] Several times in the past, people have complained about the software and its capabilities. And the sysadmins that have to implement it complain about the lack of documentation and the lack of features requested by our community. We seem to have lost sight of the greatest asset of Open Source: We have the power to change things! And yet we just sit around and complain. I'd like to implore you to, instead of taking the time to complain, take the time to look at the source and propose a fix! You will not only fix a problem, but you'll come away with feeling good about helping things out! --Bruce On Thu, 2003-10-16 at 02:57, Derek Martin wrote: On Wed, Oct 15, 2003 at 02:10:56PM -0400, mod wrote: P.S. If you can arrange for my email address to NOT appear in (the bodies of) your responses when broadcast to the world, I'd be much obliged, as I've so far managed to keep it from being harvested for SPAM abusage... I've made a similar request here and on other lists in the past. You will find that a number of people will disregard your request out of hand, ...
spam (again -- was Re: Allowing remote root login)
On Thu, Oct 16, 2003 at 09:51:08AM -0400, Bruce Dawson wrote: I'd like to implore you to, instead of taking the time to complain, take the time to look at the source and propose a fix! You will not only fix a problem, but you'll come away with feeling good about helping things out! Ordinarily I'd agree with that sentiment, except for one thing: There's nothing to be done, except to upgrade. You're running mailman already; the latest version has (fixed) the ability to obscure e-mail addresses. I've already pointed this out. You need only run it and enable that feature. I can't do that for you; I don't have access, and I'm literally just about as far from any GNHLUG chapter as I can be and still be on planet Earth... In any event, as Ben has pointed out, I've solved the problem for myself. So do it or don't; it no longer affects me. But I still think it's the right thing to do for the user community. Several other people have stated a preference that their addresses not be posted. Personally, I think the damage to those who do care about this issue is far greater than that to those who feel that our addresses should be available. Their argument is basically that, if for example we should post some patch, and then disappear from the list, that the public should be able to get our addresses from the archives so that people can contact us about the patch. This is fine as far as it goes, but ignores (IMO) an extremely important point: I DON'T WANT TO BE CONTACTED. But that's just my opinion, and I'm only one guy. For those who use emacs for their mailer, the following snippet might be useful: (it removes email addresses from citations, like above) Kevin, as usual you've provided a useful solution. Thanks. ... but I'm getting upset by people who complain and yet do nothing to help the situation. Well, FWIW, Bruce, I don't think anyone here is complaining about the server, at least in this thread. I think this is a behavioral thing.
Agreed, though as I mention above, making modifications to the server /can/ solve the problem. [For those who see it as a problem, of course.] And yet we just sit around and complain. I'm starting to think that is part of the human condition, and not just limited to this list, or Open Source, or even IT. Agreed, but sometimes, that's all we actually /can/ do... On Thu, Oct 16, 2003 at 10:35:46AM -0400, [EMAIL PROTECTED] wrote: On Thu, 16 Oct 2003, at 3:57pm, [EMAIL PROTECTED] wrote: Some people seem to feel that the benefit to the public of quoting your e-mail address is more important than your explicitly stated wish that the public should not have it. FLAME LEVEL=HIGH [insert profanity here] No, thanks, I'd prefer to keep things polite... ;-) And some people feel that by broadcasting your email address to the world, you're pretty much giving up any hope of keeping it contained, and blaming other people for that is freaking retarded. We've had this discussion already. If I post with X-no-archive, I have not broadcast my e-mail address to the world. I have broadcast it only to the actual recipients of mail from this list. I think anyone technical enough to want to be on this list can see the difference between that set of people, and the whole world. It's pretty darned substantial. Only if one of those people decides to post my address in a public forum does it become broadcast to the world, and then it was not me that did it. It was the person who posted it against my wishes. If you don't see that, there's really nothing else I can say to make you see it. But it seems bloody obvious to me... Here's a concept: If you don't want people to know your email address, don't f**king broadcast it in a public forum. I maintain, as I have all along, that a mailing list is not inherently a public forum. I will not bother to rehash this argument. This is like the whole security through obscurity thing. 
You think you can keep something that is reasonably obvious and easy to obtain a secret, you solve your problems. Problem is, all it takes is one time, and the cat's out of the bag. Perhaps so; though I disagree. Very few people have my address, because I don't give it out. The only people who've gotten my address through means other than having been given it directly by me are people who've harvested it from web archives or usenet where it was posted by a third party against my wishes. I do not give my e-mail address out to businesses. Ever. But even if you're right, I think those of us who are on this list who are concerned about this issue would thank YOU to not be the one who provides that one time... There are enough unscrupulous people in the world who will sell even the most useless atom of private information about us, that we should not have to concern ourselves with hiding our contact information from those with whom we actually WANT to associate. You applaud my use of
Re: spam (again -- was Re: Allowing remote root login)
On Thu, 2003-10-16 at 13:35, Derek Martin wrote: On Thu, Oct 16, 2003 at 09:51:08AM -0400, Bruce Dawson wrote: I'd like to implore you to, instead of taking the time to complain, take the time to look at the source and propose a fix! You will not only fix a problem, but you'll come away with feeling good about helping things out! Ordinarily I'd agree with that sentiment, except for one thing: There's nothing to be done, except to upgrade. You're running mailman already; the latest version has (fixed) the ability to obscure e-mail addresses. Hmmm. I guess rhn didn't upgrade that. Guess I've got something to do now... I've already pointed this out. You need only run it and enable that feature. Sorry, but I must've missed that posting. I'll see what I can do, and hope no one complains that the addresses are now obscured. I can't do that for you; I don't have access, and I'm literally just about as far from any GNHLUG chapter as I can be and still be on planet Earth... Really?! Are you anywhere near Christchurch? Can I get you to run an errand for me? It involves pulse jets - I was wondering if you could pick up a nozzle part for me... :-) But, making the fix is my job - they're my servers and it sounds as if mailman needs upgrading. --Bruce
Re: Allowing remote root login
On Thu, 16 Oct 2003, at 3:57pm, [EMAIL PROTECTED] wrote: Some people seem to feel that the benefit to the public of quoting your e-mail address is more important than your explicitly stated wish that the public should not have it. FLAME LEVEL=HIGH [insert profanity here] And some people feel that by broadcasting your email address to the world, you're pretty much giving up any hope of keeping it contained, and blaming other people for that is freaking retarded. Here's a concept: If you don't want people to know your email address, don't f**king broadcast it in a public forum. This is like the whole security through obscurity thing. You think you can keep something that is reasonably obvious and easy to obtain a secret, you solve your problems. Problem is, all it takes is one time, and the cat's out of the bag. /FLAME I notice that you've set your headers to list From as [EMAIL PROTECTED], obviously an invalid address. That makes a huge amount of sense to me. Now you're not broadcasting your email address. Much better! In fact, when I first saw it, I thought, Wow. What a good idea. Why didn't I think of that? And it's a hell of a lot more productive than blaming people for using an email address in an email forum. -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
RE: Allowing remote root login
I know people here don't like topposts but whatever... Get a spam filter (spam assassin works nicely) Set up whitelists Set up those autoresponder things to prove that a real person is sending you email to auto-add them to your whitelist Dump emails with words like enlarge and viagra and boobs Do those and you'll be lucky if you get 1 spam a month.. Just using spamassassin and some basic header checks I get 1 a day if I'm lucky. On Thu, 16 Oct 2003, at 3:57pm, [EMAIL PROTECTED] wrote: Some people seem to feel that the benefit to the public of quoting your e-mail address is more important than your explicitly stated wish that the public should not have it. FLAME LEVEL=HIGH [insert profanity here] And some people feel that by broadcasting your email address to the world, you're pretty much giving up any hope of keeping it contained, and blaming other people for that is freaking retarded. Here's a concept: If you don't want people to know your email address, don't f**king broadcast it in a public forum. This is like the whole security through obscurity thing. You think you can keep something that is reasonably obvious and easy to obtain a secret, you solve your problems. Problem is, all it takes is one time, and the cat's out of the bag. /FLAME I notice that you've set your headers to list From as [EMAIL PROTECTED], obviously an invalid address. That makes a huge amount of sense to me. Now you're not broadcasting your email address. Much better! In fact, when I first saw it, I thought, Wow. What a good idea. Why didn't I think of that? And it's a hell of a lot more productive than blaming people for using an email address in an email forum. -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. |
Re: Allowing remote root login
Did you mean to send out a blank email? I couldn't see any text in your message (aside from the quoted text). Kind regards, --kevin -- Kevin D. Clark / Cetacean Networks / Portsmouth, N.H. (USA) cetaceannetworks.com!kclark (GnuPG ID: B280F24E) alumni.unh.edu!kdc
Re: Allowing remote root login
[EMAIL PROTECTED] wrote: On Thu, 16 Oct 2003, at 3:57pm, [EMAIL PROTECTED] wrote: Stuff deleted I notice that you've set your headers to list From as [EMAIL PROTECTED], obviously an invalid address. That makes a huge amount of sense to me. Now you're not broadcasting your email address. Much better! In fact, when I first saw it, I thought, Wow. What a good idea. Why didn't I think of that? I have a free email address that redirects to my real address: [EMAIL PROTECTED] It's a valid email address but I get little spam on it. Probably because the harvesting software discards addresses with spam in them. Thanks to everyone who puts SPAM in the middle of their email postings :-) In a similar vein, I don't run sshd on port 22. I don't get any extra security by that but all the ssh scanners and script kiddies scan port 22 by default. So instead of *everyone* rattling the door handle, I only get valid users and more clever, determined scanners. Maybe I can't keep them out, but their scans are not lost in the noise of the script kiddies. I see '[EMAIL PROTECTED]' as likely to get disregarded by some spammers, etc. I think spam@ would be dismissed even more. Sometimes a little misdirection is good even though it's not security by any means.
Re: spam (again -- was Re: Allowing remote root login)
I'm literally just about as far from any GNHLUG chapter as I can be and still be on planet Earth... We must be neighbors! North is north and frankly Tux likes the climate north of the notches. Perhaps some fellow mountain users could get together some time (hint hint). But, making the fix is my job - they're my servers and it sounds as if mailman needs upgrading. Would just like to speak as a long time lurker that I think the list is serving a great purpose ... (mine at least) and would not only give a shout out to the admin but all the posters (the good, the bad, and the ugly). I'm a lowly home user who seeks the gems that drift out of this group. Without the list I have to settle for web based forums and the quality is not even close. Pats on the backs to all involved. Just thought I'd mention a fact. David
Re: Allowing remote root login
On Thu, 2003-10-16 at 12:14, Tom Buskey wrote: I have a free email address that redirects to my real address: [EMAIL PROTECTED] It's a valid email address but I get little spam on it. Probably because the harvesting software discards addresses with spam in them. Thanks to everyone who puts SPAM in the middle of their email postings :-) I've often wondered|suspected that they do some filtering on captured email addresses, ie: s/spam|NOSPAM|SPAM//g sort of thing. Is [EMAIL PROTECTED] a valid address for you by chance? I wonder if any spam ever gets sent there, based on spammers cleaning up your spamme@ address?
Re: Allowing remote root login
On Thu, 2003-10-16 at 13:39, brian wrote: I've often wondered|suspected that they do some filtering on captured email addresses, ie: s/spam|NOSPAM|SPAM//g sort of thing. Seems to work pretty well. I maintain spam-free-zone.net and I've ended up with zero spam, even when trying to get an address harvested. ;-) C
Re: Allowing remote root login
brian wrote: On Thu, 2003-10-16 at 12:14, Tom Buskey wrote: I have a free email address that redirects to my real address: [EMAIL PROTECTED] It's a valid email address but I get little spam on it. Probably because the harvesting software discards addresses with spam in them. Thanks to everyone who puts SPAM in the middle of their email postings :-) I've often wondered|suspected that they do some filtering on captured email addresses, ie: s/spam|NOSPAM|SPAM//g sort of thing. Is [EMAIL PROTECTED] a valid address for you by chance? I wonder if any spam ever gets sent there, based on spammers cleaning up your spamme@ address? I don't own @punkass.com. It's owned by HotPop. When I signed up I wondered if spamme was taken and [EMAIL PROTECTED] looks like an invalid address to most. Of course I get a hard time with my real email (.name .com?) and some web forms insist .name is an invalid domain. That probably also keeps me off some spam lists for the nonce. I do get spam from HotPop for this address, but it's part of the condition of getting a free POP/redirected email address. It's very easy to filter out too.
Re: spam (again -- was Re: Allowing remote root login)
On Thu, Oct 16, 2003 at 02:39:40PM -0400, Bruce Dawson wrote: already; the latest version has (fixed) the ability to obscure e-mail addresses. [SNIP] Sorry, but I must've missed that posting. I'll see what I can do, and hope no one complains that the addresses are now obscured. Well I'd point you at the archives, but this was before I started using invalid@ and stopped using X-no-archive, so it ain't there... ;-) I can't do that for you; I don't have access, and I'm literally just about as far from any GNHLUG chapter as I can be and still be on planet Earth... Really?! Are you anywhere near Christchurch? Can I get you to run an errand for me? It involves pulse jets - I was wondering if you could pick up a nozzle part for me... :-) Heh! No, not near Christchurch. I'm about a time zone west and rather far north of there, in Daegu, South Korea. About to be teaching English, believe it or not... But if I come across any pulse jet parts, I'll be sure to let you know. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers.
Re: Allowing remote root login
Use the following procedure to enable them. 1. Add rlogin and rsh to /etc/securetty: # echo rlogin >> /etc/securetty # echo rsh >> /etc/securetty That securetty file is only intended to be a list of devices from which secure logins are allowed, so I think it's likely that step #1 of your instructions is incorrect since rlogin and ssh are services rather than devices. 2. Modify xinetd's configuration files /etc/xinetd.d/rlogin and /etc/xinetd.d/rsh. Change the line from disable= yes to disable= no 3) Restart xinetd. I believe your steps #2 and #3 are more likely to have been what did the trick. 4) When done with software install, reverse process and use ssh. This is our /etc/securetty did not find this documented anywhere. Most distributions that I've used have had a man page for securetty.
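Step 4 of the procedure quoted above ("reverse process") is the one that gets forgotten. The following shell script is an added example, not part of the original thread: it checks whether the rlogin/rsh entries in /etc/securetty and the enabled xinetd services are still in place. The function names and the ROOT prefix argument are assumptions made for this example, the sample files are constructed, and telnet is included because the original question involved /etc/xinetd.d/telnet.

```shell
#!/bin/sh
# Added example, not from the thread. Audits whether the temporary changes
# from the quoted procedure are still in place: rlogin/rsh entries in
# /etc/securetty and enabled services in /etc/xinetd.d/{rlogin,rsh,telnet}.
# ROOT is a path prefix so the check can run against a copy of /etc
# (an assumption of this example; pass "" to audit the live system).

# Exit 0 if NAME appears as a whole entry in ROOT/etc/securetty.
securetty_has() {
    [ -r "$1/etc/securetty" ] || return 1
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1/etc/securetty" | grep -qx -- "$2"
}

# Exit 0 if ROOT/etc/xinetd.d/SERVICE exists and is not disabled.
# xinetd treats a service file with no "disable" line as enabled.
xinetd_enabled() {
    [ -r "$1/etc/xinetd.d/$2" ] || return 1
    val=$(sed -e 's/#.*//' "$1/etc/xinetd.d/$2" |
          sed -n 's/^[[:space:]]*disable[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' |
          tail -n 1 | tr 'A-Z' 'a-z')
    [ "$val" != "yes" ]
}

# Print one line per finding; exit 0 only when nothing is left enabled.
audit_rservices() {
    root=$1
    findings=0
    for svc in rlogin rsh telnet; do
        if xinetd_enabled "$root" "$svc"; then
            echo "xinetd: $svc is enabled"
            findings=$((findings + 1))
        fi
    done
    for name in rlogin rsh; do
        if securetty_has "$root" "$name"; then
            echo "securetty: root login permitted via $name"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the state after steps 1-3 of the procedure.
write_sample_root() {
    mkdir -p "$1/etc/xinetd.d"
    printf 'tty1\ntty2\nrlogin\nrsh\n' > "$1/etc/securetty"
    for svc in rlogin rsh; do
        printf 'service %s\n{\n\tdisable = no\n}\n' "$svc" > "$1/etc/xinetd.d/$svc"
    done
    printf 'service telnet\n{\n\tdisable = yes\n}\n' > "$1/etc/xinetd.d/telnet"
}

# Step 4 ("reverse process") applied to the constructed sample.
revert_sample_root() {
    printf 'tty1\ntty2\n' > "$1/etc/securetty"
    for svc in rlogin rsh; do
        printf 'service %s\n{\n\tdisable = yes\n}\n' "$svc" > "$1/etc/xinetd.d/$svc"
    done
}

# Demo on a throwaway directory: audit before and after the revert.
demo=$(mktemp -d)
write_sample_root "$demo"
audit_rservices "$demo" || echo "=> temporary changes still in place"
revert_sample_root "$demo"
audit_rservices "$demo" && echo "=> clean"
rm -rf "$demo"
```

Run against the live system with `audit_rservices ""`; a non-zero exit status means at least one of the temporary changes is still active.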
Re: Allowing remote root login
On my RH8 system I did steps 2 & 3 first. Alone they did not work. After then doing step 1 it worked fine. I only needed it to work temporarily so once working I stopped looking into all the if's but's and why's since I'm going to undo it anyway. If you don't believe the 'rsh/rlogin' entries in /etc/securetty are effective, try it yourself. I didn't believe they were valid entries for that file either, then I tried it. Otherwise you would need to specify stuff like pts/1, pts/2, pts/3... ad nauseam. [EMAIL PROTECTED] wrote: Use the following procedure to enable them. 1. Add rlogin and rsh to /etc/securetty: # echo rlogin >> /etc/securetty # echo rsh >> /etc/securetty That securetty file is only intended to be a list of devices from which secure logins are allowed, so I think it's likely that step #1 of your instructions is incorrect since rlogin and ssh are services rather than devices. 2. Modify xinetd's configuration files /etc/xinetd.d/rlogin and /etc/xinetd.d/rsh. Change the line from disable= yes to disable= no 3) Restart xinetd. I believe your steps #2 and #3 are more likely to have been what did the trick. 4) When done with software install, reverse process and use ssh. This is our /etc/securetty did not find this documented anywhere. Most distributions that I've used have had a man page for securetty. -- Andrew Gaunt - Computing Development Environment, Lucent Technologies: http://www-cde.mv.lucent.com/~quantum Personal: http://www.gaunt.org
Re: Allowing remote root login
That securetty file is only intended to be a list of devices from which secure logins are allowed, so I think it's likely that step #1 of your instructions is incorrect since rlogin and ssh are services rather than devices. On my RH8 system I did steps 2 & 3 first. Alone they did not work. After then doing step 1 it worked fine. Hmmm, I didn't test it but there are indeed some WWW pages out there indicating that use of securetty has been extended as you described, though this is apparently an RHAT-specific hack - at least, my Debian system does not work this way. P.S. If you can arrange for my email address to NOT appear in (the bodies of) your responses when broadcast to the world, I'd be much obliged, as I've so far managed to keep it from being harvested for SPAM abusage...
Re: Allowing remote root login
I would also consider it to be a hack (but, it works of now) if it works on RH only. We have a number of debian systems here too (I run debian at home as well). Another reason for me to further embrace ssh. -- Andrew Gaunt - Computing Development Environment, Lucent Technologies: http://www-cde.mv.lucent.com/~quantum Personal: http://www.gaunt.org [EMAIL PROTECTED] wrote: That securetty file is only intended to be a list of devices from which secure logins are allowed, so I think it's likely that step #1 of your instructions is incorrect since rlogin and ssh are services rather than devices. On my RH8 system I did steps 2 & 3 first. Alone they did not work. After then doing step 1 it worked fine. Hmmm, I didn't test it but there are indeed some WWW pages out there indicating that use of securetty has been extended as you described, though this is apparently an RHAT-specific hack - at least, my Debian system does not work this way. P.S. If you can arrange for my email address to NOT appear in (the bodies of) your responses when broadcast to the world, I'd be much obliged, as I've so far managed to keep it from being harvested for SPAM abusage...
Re: Allowing remote root login
P.S. If you can arrange for my email address to NOT appear in (the bodies of) your responses when broadcast to the world, I'd be much obliged, [...] This would be a lot easier to comply with if you'd include a real name field in your ^From: line. Without one, most sane MUAs attribute text to the address. Oops. True enough. Dang - I thought I'd fixed that already...
Re: Allowing remote root login
Dan Coutu wrote: Got a RedHat 9 system that I need to allow remote telnet logins to root from the LAN. I had thought that an entry in What about using ssh? If you can then simply enable root logins in /etc/ssh/sshd_config Using telnet is a bad idea... it continues a bad habit. SSH with passwords is good... with keys is better. Jared
Re: Allowing remote root login
Dan Coutu wrote: First of all, I know this isn't a great idea, but it is required by a specific scenario. Here's the situation: I thought I had made myself perfectly clear that I understand ssh is better than telnet. Due to circumstances way beyond my control I Well... to be fair (to myself) it was not clear what you thought was a bad idea... allowing remote root logins or using telnet. You did not mention ssh in your first email and it could be read either way... and in one case there might be the option to use ssh.. which is why I suggested it. No need to get snippy... Jared
Re: Allowing remote root login
On Mon, 13 Oct 2003 15:58:45 -0400 Dan Coutu [EMAIL PROTECTED] wrote: First of all, I know this isn't a great idea, but it is required by a specific scenario. Here's the situation: Got a RedHat 9 system that I need to allow remote telnet logins to root from the LAN. I had thought that an entry in /etc/security/access.conf would do the trick but it didn't. I also went to /etc/xinetd.d and edited the telnet file to enable telnet. Still no joy. I must be missing something else but don't know what. A search of the mail archives turned up nothing. Ideas? Dan, WRT: The other posts, have you been able to allow for non-root logins over telnet. Then, once logged in, then use su, sudo or sux to become root. You may need to add /dev/pts to /etc/securetty. But, I think you are opening up a can of worms. -- Jerry Feldman [EMAIL PROTECTED] Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
Re: Allowing remote root login
On Mon, 2003-10-13 at 17:10, Jerry Feldman wrote: On Mon, 13 Oct 2003 15:58:45 -0400 Dan Coutu [EMAIL PROTECTED] wrote: First of all, I know this isn't a great idea, but it is required by a specific scenario. Here's the situation: Got a RedHat 9 system that I need to allow remote telnet logins to root from the LAN. I had thought that an entry in /etc/security/access.conf would do the trick but it didn't. I also went to /etc/xinetd.d and edited the telnet file to enable telnet. Still no joy. I must be missing something else but don't know what. A search of the mail archives turned up nothing. Ideas? Dan, WRT: The other posts, have you been able to allow for non-root logins over telnet. Then, once logged in, then use su, sudo or sux to become root. You may need to add /dev/pts to /etc/securetty. But, I think you are opening up a can of worms. Yes, I know it is a can of worms. Unfortunately I need to first solve this and then work on finding a way to solve it better. The problem is that the client has an application which allows administrative actions only when logged in as root. It uses an ancient curses based interface that uses strange terminal mapping that simply doesn't work correctly with any of the conventional termcap entries that I've tried. Either the keyboard mapping is wrong or the display gets unreadable. Everything works correctly though when connecting with a terminal emulator that only supports telnet connections. Sigh. Thanks for the help folks, sorry for the impatient reply to Jared earlier. -- Dan Coutu Managing Director Snowy Owl Internet Consulting, LLC http://www.snowy-owl.com
Re: Allowing remote root login
Yes, but can you first log in as a regular user then either su or sudo or sux? On Mon, 13 Oct 2003 17:20:18 -0400 Dan Coutu [EMAIL PROTECTED] wrote: On Mon, 2003-10-13 at 17:10, Jerry Feldman wrote: On Mon, 13 Oct 2003 15:58:45 -0400 Dan Coutu [EMAIL PROTECTED] wrote: First of all, I know this isn't a great idea, but it is required by a specific scenario. Here's the situation: Got a RedHat 9 system that I need to allow remote telnet logins to root from the LAN. I had thought that an entry in /etc/security/access.conf would do the trick but it didn't. I also went to /etc/xinetd.d and edited the telnet file to enable telnet. Still no joy. I must be missing something else but don't know what. A search of the mail archives turned up nothing. Ideas? Dan, WRT: The other posts, have you been able to allow for non-root logins over telnet. Then, once logged in, then use su, sudo or sux to become root. You may need to add /dev/pts to /etc/securetty. But, I think you are opening up a can of worms. Yes, I know it is a can of worms. Unfortunately I need to first solve this and then work on finding a way to solve it better. The problem is that the client has an application which allows administrative actions only when logged in as root. It uses an ancient curses based interface that uses strange terminal mapping that simply doesn't work correctly with any of the conventional termcap entries that I've tried. Either the keyboard mapping is wrong or the display gets unreadable. Everything works correctly though when connecting with a terminal emulator that only supports telnet connections. Sigh. Thanks for the help folks, sorry for the impatient reply to Jared earlier.
-- Dan Coutu Managing Director Snowy Owl Internet Consulting, LLC http://www.snowy-owl.com -- Jerry Feldman [EMAIL PROTECTED] Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
Re: Allowing remote root login
On Mon, 2003-10-13 at 17:27, Jerry Feldman wrote: Yes, but can you first log in as a regular user then either su or sudo or sux? Ah, sorry, forgot to answer that. No, the application runs as a captive login. (When you login the application starts, you can't get to a shell.) -- Dan Coutu Managing Director Snowy Owl Internet Consulting, LLC http://www.snowy-owl.com