View previous topic :: View next topic |
Author |
Message |
gsfgf Veteran
Joined: 08 May 2002 Posts: 1266
|
Posted: Wed Oct 02, 2002 3:10 am Post subject: telneting in as root |
|
|
I have a freebsd server running telnetd. It by default does not allow root acess. I am wondering if it would be bad to allow root accsess in case i need to make an important config change to the sys from a remote location. Also if i am in the wheel group will i be able to amek all necessary changes?
I know ssh is better, but it isn't happening on a locked down win 98 box that i can't install apps on.
the specific change would be adding users. Also what is a good resource for knowing whar privlidges to give a user. I always run as root or wheel and have never delt w/ this kinda stuff before.
EDIT: I can su root from telnet so that prob is solved.
Last edited by gsfgf on Wed Oct 02, 2002 3:18 am; edited 1 time in total |
|
Back to top |
|
|
gsfgf Veteran
Joined: 08 May 2002 Posts: 1266
|
Posted: Wed Oct 02, 2002 3:15 am Post subject: |
|
|
basically i want ot give $user access to /pub and to /home/$user w/ FTP. I can see no reason the users would use telnet so that doesn't need to be implimented. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20054
|
Posted: Wed Oct 02, 2002 3:19 am Post subject: |
|
|
Where does Gentoo come into the equation? _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
rac Bodhisattva
Joined: 30 May 2002 Posts: 6553 Location: Japanifornia
|
Posted: Wed Oct 02, 2002 6:39 am Post subject: |
|
|
Is the physical network between where you are logging in as root from and to secure? Your root password is going out on the wire in cleartext. _________________ For every higher wall, there is a taller ladder |
|
Back to top |
|
|
gsfgf Veteran
Joined: 08 May 2002 Posts: 1266
|
Posted: Wed Oct 02, 2002 4:12 pm Post subject: |
|
|
nope. the network isn't secue. i'll stick w/ normal user. |
|
Back to top |
|
|
splooge l33t
Joined: 30 Aug 2002 Posts: 636
|
Posted: Wed Oct 02, 2002 7:30 pm Post subject: |
|
|
This is why sshd exists, and why the worlds greatest ssh client is free. Search google for putty.exe, use that and you won't have to worry about security.
However I recommend logging in as your normal user anyways, then doing a 'su' or 'sudo' everytime you want to run something as root. |
|
Back to top |
|
|
rizzo Retired Dev
Joined: 30 Apr 2002 Posts: 1067 Location: Manitowoc, WI, USA
|
Posted: Wed Oct 02, 2002 7:54 pm Post subject: |
|
|
gsfgf wrote: | nope. the network isn't secue. i'll stick w/ normal user. |
I don't think it matters what user you log in as if you're using telnet. ALL TRAFFIC IS IN THE CLEAR. So if you telnet in as your user and then su to root, anyone sniffing packets will see both your password and the root password and anything else you do over telnet.
Telnet be the demon seed of Lucifer himself. Use openssh. NOW. |
|
Back to top |
|
|
nemo_ Apprentice
Joined: 19 Sep 2002 Posts: 167 Location: Brussels, Belgium
|
Posted: Wed Oct 02, 2002 10:16 pm Post subject: |
|
|
forget about telnet definitively, it's place is in a museum.
get putty, you dont have to install anything to run it, just download the executable. |
|
Back to top |
|
|
gsfgf Veteran
Joined: 08 May 2002 Posts: 1266
|
Posted: Thu Oct 03, 2002 12:20 am Post subject: |
|
|
thx for the info, but i cannot use putty on the school computers. |
|
Back to top |
|
|
Curious Bodhisattva
Joined: 13 May 2002 Posts: 395 Location: Sydney, Australia
|
Posted: Thu Oct 03, 2002 12:24 am Post subject: |
|
|
rizzo wrote: | I don't think it matters what user you log in as if you're using telnet. ALL TRAFFIC IS IN THE CLEAR. So if you telnet in as your user and then su to root, anyone sniffing packets will see both your password and the root password and anything else you do over telnet. |
Agreed. As someone who habitually sniffs networks under my protection, this happens all the time. I don't understand how you can't run putty on a Win98 box - it will run off floppy / cdrom. Must be one hell of a locked down box.
Do you have the 'skillz' to write a CGI script to do the job and then run it via https?
-- Curious _________________ Are you down with the Hawk? |
|
Back to top |
|
|
pilla Bodhisattva
Joined: 07 Aug 2002 Posts: 7729 Location: Underworld
|
Posted: Thu Oct 03, 2002 1:21 am Post subject: |
|
|
A possible solution (even not very beautifulll) would be having a pool of users and passwords to be used only once. After login in by the first time, kill the possibility of this user/password being used again. Then, sudo to do the root workz.
But not telnet as root, please!!! |
|
Back to top |
|
|
Yarrick Bodhisattva
Joined: 05 Jun 2002 Posts: 304 Location: Malmö, Sweden
|
Posted: Sun Oct 06, 2002 5:50 pm Post subject: |
|
|
there are also some java applets providing ssh service, if you cant use putty. |
|
Back to top |
|
|
gsfgf Veteran
Joined: 08 May 2002 Posts: 1266
|
Posted: Mon Oct 07, 2002 12:02 am Post subject: |
|
|
Curious wrote: |
Agreed. As someone who habitually sniffs networks under my protection, this happens all the time. I don't understand how you can't run putty on a Win98 box - it will run off floppy / cdrom. Must be one hell of a locked down box.
-- Curious |
Most of the cd drives are borken. If it fits on a floppy i'll do that. |
|
Back to top |
|
|
arkane l33t
Joined: 30 Apr 2002 Posts: 918 Location: Phoenix, AZ
|
|
Back to top |
|
|
|