37 messages in org.freebsd.freebsd-questionsroot login with telnetd| From | Sent On | Attachments |
|---|---|---|
| Wojciech Puchar | Mar 10, 2007 9:51 pm | |
| Kevin Kinsey | Mar 10, 2007 10:05 pm | |
| Beech Rintoul | Mar 10, 2007 10:38 pm | |
| al...@schnarff.com | Mar 11, 2007 12:17 am | |
| Wojciech Puchar | Mar 11, 2007 7:13 am | |
| Wojciech Puchar | Mar 11, 2007 7:16 am | |
| Garrett Cooper | Mar 11, 2007 7:31 am | |
| Wojciech Puchar | Mar 11, 2007 7:41 am | |
| Wojciech Puchar | Mar 11, 2007 7:41 am | |
| Beech Rintoul | Mar 11, 2007 9:03 am | |
| Christian Walther | Mar 11, 2007 9:43 am | |
| Wojciech Puchar | Mar 11, 2007 10:07 am | |
| Wojciech Puchar | Mar 11, 2007 10:08 am | |
| Howard Jones | Mar 11, 2007 10:52 am | |
| Wojciech Puchar | Mar 11, 2007 11:12 am | |
| Howard Jones | Mar 11, 2007 11:28 am | |
| Wojciech Puchar | Mar 11, 2007 12:41 pm | |
| Sergio Lenzi | Mar 11, 2007 2:09 pm | |
| Sergio Lenzi | Mar 11, 2007 2:22 pm | |
| Wojciech Puchar | Mar 11, 2007 3:55 pm | |
| Hugo Silva | Mar 11, 2007 4:19 pm | |
| Hugo Silva | Mar 11, 2007 4:31 pm | |
| Paul Schmehl | Mar 11, 2007 5:11 pm | |
| Christian Walther | Mar 11, 2007 7:52 pm | |
| Gerard Seibert | Mar 11, 2007 8:10 pm | |
| Wojciech Puchar | Mar 11, 2007 8:46 pm | |
| Sergio Lenzi | Mar 11, 2007 8:59 pm | |
| Gerard Seibert | Mar 11, 2007 9:03 pm | |
| Jeff Rollin | Mar 11, 2007 9:58 pm | |
| Wojciech Puchar | Mar 11, 2007 10:31 pm | |
| Wojciech Puchar | Mar 11, 2007 10:32 pm | |
| Wojciech Puchar | Mar 11, 2007 10:39 pm | |
| Sergio Lenzi | Mar 12, 2007 2:00 am | |
| Wojciech Puchar | Mar 12, 2007 7:47 am | |
| Sergio Lenzi | Mar 12, 2007 1:37 pm | |
| Sergio Lenzi | Mar 12, 2007 1:39 pm | |
| Chris Kottaridis | Mar 12, 2007 5:13 pm |
| Subject: | root login with telnetd | |
|---|---|---|
| From: | Sergio Lenzi (len...@k1.com.br) | |
| Date: | Mar 11, 2007 2:09:37 pm | |
| List: | org.freebsd.freebsd-questions | |
Hello...
I see you issues about telenet...
I use the inetd+telnet for more than 20 years and using BSD with RSA, and obviiously with a good password.
I have never been cracked down... and I have 10 of my /etc/ttys entries setted to "secure"
ttyp0 none network off secure ttyp1 none network off secure ttyp2 none network off secure ttyp3 none network off secure ttyp4 none network off secure ttyp5 none network off secure ttyp6 none network off secure ttyp7 none network off secure ttyp8 none network off secure ttyp9 none network off secure ttypa none network off secure ttypb none network off secure ttypc none network off secure
in my /etc/master.passwd..... root:*:0:0::0:0:Charlie &:/root:/bin/csh
a "kill -1 1" would allow root do dial in
I block the root account in /etc/master.passwd by put a "*" as md5hash and setted up an "supper" account.....
pw adduser xxxxxxxxx -d /root -s /usr/local/bin/bash -u 0 -g 0 -h 0
Than is done...
All the cracking I have seen is from someone that is INSIDE the machine (http using php,pop,imap, ssh,...) that is you have yet allowed him to come in, you gave them the password (in the case of ssh), or in http...
A "normal" FreeBSD 6.2 or an OpenBSD, is incredible solid...
You must know the "superuser" login AND the password....
choose a password with letters and numbers, or something in portuguese (only 7 countries speak that): biruta22, pezinho12, 45pinheiiros, tovazioagora, batatinha744, 45canastra96.....
I tested in an security system and it says is have good security... (pgp)...
Besides.. using brute force in a word like "itacolomi" using a 1 second delay would result ,,,, "forever" Besides, BSD have the ability to force a new password once it is too old... a new password every 3 months is a good choice.... and you must stilll pass through RSA .
Thanks for sharing the experience... now I know I am not the one that uses "telenet"