Root access (was RE: which prebuilt linux boxes seem to work best?)

Kerry Hoath kerry at gotss.eu.org
Wed Oct 25 03:03:57 EDT 2000


How about this: use ssh and permit root logins with it. That way
if you do have to come in as root remotely you can do it encrypted.
You can use options in /etc/ssh/config to allow only validated hosts in, i.e.
certain IPs with keys that are known to the server or certain host keys.
You can't telnet in as root normally unless you add all pseudo ttys to
/etc/securetty. What's wrong with telnetting in as a normal user and
running su?
Regards, Kerry.
On Mon, Oct 23, 2000 at 08:55:11PM -0500, Brent Harding wrote:
> There's no securetty that'd work remotely, I'm sure because it doesn't
> allow you to use an ip address. I'm sure eth0 doesn't count, as it's not
> really considered a device file in /dev. I'm not fond of the idea of
> multiple root privileged users, especially if it's not really needed.
> At 05:08 PM 10/23/00 +1100, you wrote:
> >On Sun, 22 Oct 2000, Brent Harding wrote:
> >
> >> What access does the root group give? Setting up virtual hosts, or whatever
> >> involves a lot of access, depending which virtual service one is using,
> >
> >This would vary from system to system, depending on what files belong to
> >the root group and the permissions on those files.
> >
> >> unless there were a script out that I could be given access to to get all
> >> of it done that'd run as root.
> >
> >You could do this, but it'd be up to the sysadmin to do this.
> >
> >> Wouldn't it take the luck of the draw, for say the admin gives the access
> >> to /dev/pts/0 and someone else is logged in to that, so my connection could
> >> be pts/4 or 5 depending who's on? I'd some how have to move them to another
> >> device so I could get my privileges.
> >
> >Yes, which is why you wouldn't ever put a pts device in
> >/etc/securetty.  And the sysadmin would still have to give out the root
> >account's password to you.  In fact, if I were a sysadmin, I'd consider
> >clearing out /etc/securetty altogether so no one could login directly as
> >root, meaning that everyone would either have to know both a user name and
> >password and the root password, or have access to sudo as a user.  Sounds
> >much more secure.
> >
> >Geoff.
> >
> >
> >
> >
> >-- 
> >Geoff Shang <gshang10 at scu.edu.au>
> >ICQ number 43634701
> >
> >
> >_______________________________________________
> >Speakup mailing list
> >Speakup at braille.uwo.ca
> >http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
> >
> >
> 
> 

-- 
--
Kerry Hoath: kerry at gotss.eu.org
Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
ICQ UIN: 62823451
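
The two controls discussed in this thread (pseudo-ttys listed in /etc/securetty, and root logins over ssh limited by key and source host) can be checked with a short audit script. This is an added example, not part of any post above; it assumes OpenSSH `sshd_config` keywords (`PermitRootLogin`, `PasswordAuthentication`, `AllowUsers` with the `user@host` form), and the file contents shown are constructed samples.

```python
import re

# Constructed sample files for illustration; not taken from the thread.
SECURETTY = "console\ntty1\ntty2\npts/0   # added so telnet works\nttyp1\n"
SSHD_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
AllowUsers kerry root@192.0.2.10
"""

# Pseudo-terminals: Unix98 pts/N and BSD-style names such as ttyp0 or ttyq3.
PSEUDO_TTY = re.compile(r"^(pts/\d+|tty[p-za-e][0-9a-f])$")

def pseudo_ttys_in_securetty(text):
    """Entries that would let root log in directly on a network session."""
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [e for e in entries if PSEUDO_TTY.match(e)]

def sshd_settings(text):
    """Collect explicit 'Keyword value...' lines; keywords are case-insensitive."""
    settings = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            settings.setdefault(parts[0].lower(), []).extend(parts[1:])
    return settings

def root_ssh_findings(text):
    """Describe how root may log in over ssh, judged from explicit settings only."""
    s = sshd_settings(text)
    first = lambda key: (s.get(key) or [""])[0].lower()  # first value wins
    if first("permitrootlogin") == "no":
        return ["root login over ssh is disabled"]
    findings = []
    # Password authentication is on in OpenSSH unless set to "no".
    if first("permitrootlogin") == "yes" and first("passwordauthentication") != "no":
        findings.append("root may authenticate with a password, not only a key")
    allow = s.get("allowusers", [])
    # No AllowUsers at all, or a bare "root" pattern, accepts root from any host.
    if not allow or "root" in allow:
        findings.append("root is not limited to named source hosts")
    return findings

if __name__ == "__main__":
    print("pseudo-ttys in securetty:", pseudo_ttys_in_securetty(SECURETTY))
    print("sshd findings:", root_ssh_findings(SSHD_CONFIG))
```
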




