From: byron@cc.gatech.edu (Byron A Jeff) Subject: Re: TELNET AND ROOT Date: Fri, 17 Sep 1993 13:51:05 GMT
In article <748188023.AA07653@psybbs.durham.nc.us>,
Derek Bischoff <Derek.Bischoff%f1.n3641.z1@psybbs.durham.nc.us> wrote:
>This has got to be easy, but I can't seem to find it in the FAQ's
>I telnet regularly to my LInux box from other places in the
>building, however I noticed today, that I can telnet into
>any login other than root. when ever I use telnet to
>log in as root I get:
>Login incorrect
>
>(oh, and I am using a simple 8 letter password)
>
>all other logins are fine.
>What is the story?
>I can get around it bye telnetting in, and just su to root.... but..
This definitely qualifies as a FAQ. I've answered this question 4 times
this week and twice today. Is this question in a FAQ list somewhere?
As a security measure root logins are only allowed on secure TTYS. The
entry for these is found in the file /etc/login.defs. The entry can be
a colon separated list of ttys or a file containing the list of ttys.
In most default set of secure ttys are limited to the virtual consoles.
Therefore you can't log in as root either via telnet or via a serial port.
Please Note: This is a FEATURE! It's good security not to be able to log
in as root from anywhere. Any time you really need root acces you can log in
as a normal user and su to root. Oftentimes this prevents malicious access
from intruders and su forces the superuser to remember he/she is now root
and that you can now cause major damage to you system. I'd advise folks
unless there is a really good reason to have outside root logins, just
leave them alone.
BAJ
>
>
>
>... Sincerely, Derek