TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TCLUG:10372] telnet over network



> 
> 
> 	It's much better to change the pam entry.  It's directed more to
> the point of what he wants to accomplish, and more easily reversible.

From the manpage for login(1)

       The  file /etc/securetty lists the names of the ttys where
       root is allowed to log in. One name of a tty device  with
       out  the  /dev/ prefix must be specified on each line.  If
       the file does not exist, root is allowed to log in on  any
       tty.  

Which would appear to be easily reversible, and directly related to
what he is trying to accomplish.

And as for ssh, both versions 1 and 2 follow the setting in
/etc/sshd_config. Regardless of the setting in /etc/securetty and/or
whether the /etc/securetty file exists or not.

However, I have never tested any of this using openSSH which may be
the key difference between what we are talking about here. Or perhaps
you a running a different linux distribution? I'm running redhat 6.0
and 6.1 myself.

Regards

					- Karl