TCLUG Archive

Re: [TCLUG:10372] telnet over network



On Mon, Nov 22, 1999 at 08:36:06PM -0600, Karl Morgan wrote:
> 
> From the manpage for login(1)
> 
>        The  file /etc/securetty lists the names of the ttys where
>        root is allowed to log in. One name of a tty device  without
>        the  /dev/ prefix must be specified on each line.  If
>        the file does not exist, root is allowed to log in on  any
>        tty.  

	This should be removed from the manpage for login since it isn't
up to login how this works anymore.

> Which would appear to be easily reversible, and directly related to
> what he is trying to accomplish.

	It is, but there may be other programs that use the securetty
file for other things.  It could be kind of dangerous (beyond allowing
root logins over telnet) for the system to consider all ttys to be
secure.

> And as for ssh, both versions 1 and 2 follow the setting in
> /etc/sshd_config. Regardless of the setting in /etc/securetty and/or
> whether the /etc/securetty file exists or not.

	The ssh that comes from that one place that tries to sell it and
doesn't distribute it under the GPL works just fine with no pam
modifications.

> However, I have never tested any of this using openSSH which may be
> the key difference between what we are talking about here.  Or perhaps
> you are running a different Linux distribution? I'm running redhat 6.0
> and 6.1 myself.

	I'm running 6.1.  OpenSSH is different in this regard.

Have fun (if at all possible),
-- 
Its name is Public Opinion.  It is held in reverence. It settles everything.
Some think it is the voice of God.  Loyalty to petrified opinion never yet
broke a chain or freed a human soul.     ---Mark Twain
-- Eric Hopper (hopper@omnifarious.mn.org
                http://ehopper-host105.dsl.visi.com/~hopper) --
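
Added example, not part of the original message or of any software it mentions: a shell check of a securetty-style file that follows the login(1) text quoted above (a missing file means root may log in on any tty, and names must omit the /dev/ prefix). The function name audit_securetty, the skipping of # lines, and the choice to flag pts/* and ttyp* entries as network pseudo-terminals are assumptions of this example.

```shell
#!/bin/sh
# audit_securetty FILE
# Prints one finding per line. Returns 0 when nothing is flagged, 1 otherwise.
audit_securetty() {
    file=$1
    # Per the quoted manpage: no file means root is allowed on any tty.
    if [ ! -e "$file" ]; then
        echo "MISSING: $file does not exist, root may log in on any tty"
        return 1
    fi
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Assumption: lines starting with '#' are comments; drop blanks too.
        entry=$(printf '%s' "$line" | tr -d ' \t')
        case $entry in
            ''|'#'*) continue ;;
        esac
        case $entry in
            /dev/*)
                # The manpage requires names without the /dev/ prefix.
                echo "BAD-PREFIX: $entry (list the name without /dev/)"
                findings=1 ;;
            pts/*|ttyp*)
                # Assumption: pseudo-terminals are what telnet sessions get,
                # so listing one treats a network login as a secure tty.
                echo "NETWORK-TTY: $entry (pseudo-terminal listed as secure)"
                findings=1 ;;
        esac
    done < "$file"
    return $findings
}

# Constructed sample file (not taken from the thread).
sample=$(mktemp)
printf '# consoles\ntty1\ntty2\npts/0\n/dev/tty3\n' > "$sample"
audit_securetty "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```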
