[10256] in bugtraq
Re: RH Linux telnet problems
daemon@ATHENA.MIT.EDU (Alessandro Rubini)
Fri Apr 16 16:40:45 1999
Date: Thu, 15 Apr 1999 20:32:10 +0200
Reply-To: Alessandro Rubini <rubini@PROSA.IT>
From: Alessandro Rubini <rubini@PROSA.IT>
To: BUGTRAQ@NETSPACE.ORG
About preventing telnet as root:
> It should issue a error and not ask
> for the password, since otherwise it's defeating the whole purpose
> of denying root telnet access. The purpose, of course, it's
> preventing the raw transmission over the communication media.
The purpose, of course, is preventing "anonymous" root access. Since
root is is often shared by several people, it's important to know who
is root at a certain time (it may also be a very primitive security
measure over cracker access, but too primitive to be really
successful, imho).
If you want to prevent raw trasmission of passwords, you should
disable telnet and rlogin altogether.
/alessandro
