Link to home
Start Free TrialLog in
Avatar of cht
cht

asked on

Linux equivalent to the solaris /etc/default/login file

Is there an equivalent linux file to the solaris /etc/default/login file which can define whether the root user can login across the network or only from the consol?

Thanks
Avatar of dorward
dorward
Avatar of garisoain
garisoain
root access from console or network?

check:    /etc/inittab
it's well commented...

Hope this helps
-garisoain
Avatar of tdaoud
tdaoud

It is the file /etc/securetty, there you add the terminals that you want to enable root login from.

Good luck,

Tarik
Avatar of garisoain
garisoain
=) yep... dorward is right... so is tdaoud, both comments refer to /etc/securetty.. =)

what i was thinking? =)
Avatar of cht
cht

ASKER

Do you know what the line would be that needed to be included in the /etc/securetty file to allow root telnet access?

Thanks
ASKER CERTIFIED SOLUTION
Avatar of tdaoud
tdaoud
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dorward
dorward
Allowing root telnet access is a BAD BAD idea as passwords are sent across the network unencrypted.

You would be much better installing OpenSSH and using that as it will encrypt the data. (It also has other useful features such as data compression to speed up access over slow network connections)
Avatar of tdaoud
tdaoud

I strongly agree with dorward security related remarks.

Tarik
Avatar of dorward
dorward
To take it a stage further, I do not install (or uninstall) telnetd from all my systems and allow all remote users access only through encrypted proticals. There are SSH clients for Windows users in the form of a terra term pro plug in, putty, and part of cygwin.
Avatar of vsamtani
vsamtani
I just tried adding pts/0 , pts/1 etc to my /etc/securetty and it didn't permit root login by telnet; however, adding the lines

0
1
2
3

allowed me to login as root from a telnet session. I don't know if this is something dependent on versions of login, telnetd, etc.

All the warnings above re insecurity of telnet are very valid - telnet simply should not be used over an insecure wire, which is more or less any wire other than a cross-over cable whose entire length you can see...

Vijay
Avatar of tdaoud
tdaoud

I'm talking about RedHat version 7.1

It could be different for other versions of UNIX/Linux's

In the past I can't recall which RedHat version it used to be ttyp0, ttyp1, ...etc

One way I can tell the terminal name is while I'm logged in I would do the "who" command and it would show me the terminals names from where people are logging in from or at least mine if I was the only user telneting in.

Tarik
Avatar of vsamtani
vsamtani
Yes, I think it must be version-specific - I was just checking on a Redhat 6.1 system. The output from ps and who is misleading, though - it says pts/0 is where I am logged in, but this doesn't work for /etc/securetty. However, the clue (I think) is in /var/log/secure - I disabled /etc/securetty by renaming it, then telnetted in as root, and got a message in /var/log/secure saying:

Jul 26 16:31:13 gate login: ROOT LOGIN ON 2 FROM vs32

- note the LOGIN ON 2, rather than LOGIN ON PTS/2

Vijay
Avatar of paulqna
paulqna
Flag of Netherlands image
1) Install ssh and make sure this works (also after reboot)
2) Create empty /etc/securetty.
3) additionally: Restrix acces using /etc/hosts.allow /etc/hosts.deny

Avatar of cht
cht

ASKER

Thanks for your help. I think I probably will restrict root access - but it's still good to know...
Avatar of cht
cht

ASKER

Thanks for your help. I think I probably will restrict root access - but it's still good to know...