The purpose of denying root telnet access is to prevent brute force attacks on the root password. I would assume any competent admin will be well aware of this behavior and should already know that he can not login as root via telnet. I also would assume any competent admin would disable telnet after installing ssh. Installing ssh and leaving your telnet service running "defeats the purpose" of using ssh to begin with. Software developers can not compensate completely for the stupidity of the admin. Read some system administration books, what is the one thing they all have in common? DONT USE ROOT and if you do, do it only for a damn good reason, and for ONLY that reason. IMHO logging in as root from ssh is no better then logging in as root via telnet. You just shouldn't do it. One last thing, id rather have a would be cracker spending days trying to compromise a disabled root telnet login than finding out the first try and moving to the next account. Just my 2 cents Sam James > ---------- > From: Rui Ribeiro[SMTP:ruka@MY-DEJANEWS.COM] > Sent: Thursday, April 15, 1999 4:30 AM > To: BUGTRAQat_private > Subject: RH Linux telnet problems > > Today, when trying to log into a machine, I mistakenly used telnet over > ssh. True, the RH 5.2 box is configured for not allowing root login. The > only problem is that is still asks for the password after learning root is > logging. It denied access only after the password was introduced. > > It should issue a error and not ask for the password, since otherwise it's > defeating the whole purpose of denying root telnet access. The purpose, of > course, it's preventing the raw transmission over the communication media. > > Regards, > Rui > > --- > Rui Fernando Ferreira Ribeiro > IT Consultant > CASE > > > > > > > -----== Sent via Deja News, The Discussion Network ==----- > http://www.dejanews.com/ Easy access to 50,000+ discussion forums >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:44 PDT