[rhn-users] Root login with telnet

Sean Countryman scountry at iastate.edu
Thu Jun 29 19:30:41 UTC 2006 

Let me get this straight.  You actually trust your users?  You are
certain that they don't have the capability to install a sniffer?  Are
you really sure that they haven't accidentally installed a Trojan by
clicking on some web site or opening some email?  You are really sure
that they haven't opened up their desktop to some determined hacker
somewhere who is now using their desktop to scan you network so that
he/she can extend their influence and grab more machines on your
network..?

You are sure that there isn't an insecure WiFi port somewhere that
broadcasts out to a parking lot across the street?

You are sure that one of your employee's 15 year old kids hasn't came to
work today with their laptop and plugged into your network?

Don't think it can't happen to you, that's the worst sort of security
problem you can have.  If there is any Internet connectivity in your
organization at all, then you have to be as paranoid as possible at all
times or you will eventually be hacked.

As for your switches protecting you...  don't bet the farm on it.  There
are many possibilities that might allow somebody to still sniff your
network.  Don't ever feel safe or comfortable, you loose your edge as an
administrator.  You have to constantly think of every possible security
flaw you system might have and actively defend your network against
these things.

I heavily recommend you pick up some books on hacking and read them
(even setup a sandbox network to test things out yourself).  The first
time you see the results of how easy it can be to break into your own
network, you'll see why people are suggesting you don't use telnet for
your root account.  Frankly, I haven't used telnet since the '99; I only
use SSH and never as root directly.  I always log in as a non-privileged
account and then su to root.

Never, ever, ever trust anyone.  Your job is to defend your network and
protect the data.  There is no such thing as being too paranoid.  Trust
me, hack your own network and you'll never rest easy again.

- Sean




On Thu, 2006-06-29 at 12:10 -0700, Bill Watson wrote:
> I have heard often the trauma of sending passwords in clear text over the
> network. If one has port 23 isolated from the internet and in a typical
> office environment, is there still risk? There is zero chance that any
> employee is capable of such interception, and the network switches wouldn't
> allow said person the opportunity if they could. 
> 
> Please explain the actual risks so I am enlightened.
> 
> Thank you,
> Bill Watson
> bill at magicdigits.com
> 
> -----Original Message-----
> From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com] On
> Behalf Of Joe Ogulin
> Sent: Thursday, June 29, 2006 12:00 PM
> To: Red Hat Network Users List
> Subject: Re: [rhn-users] Root login with telnet
> 
> 
> Michael Chien wrote:
> > Hi all,
> > 
> > I've noticed that when trying to telnet into RHEL AS 4, and NOT using 
> > SSH, I am unable to log in as root directly, I have to log in as user 
> > and SU.
> > 
> > But with SSH connection, I can login with root account straight away.
> > 
> > Is there a way to change this security feature so direct root login 
> > can be done with regular telnet?
> 
> There probably is (I'm not going to bother researching it), but it is a
> really bad idea to do that, as the telnet protocol sends clear text
> passwords over the network... assuming you are not on a kerberized
> system/subnet.
> 
> Realisitically, you should also edit /etc/ssh/sshd_config
> and change the "PermitRootLogin" option.  Setting it to "without-password"
> will allow you to log in if you have the appropriate
> /root/.ssh/authroized_keys permissions.
> 
> Joe
>

More information about the rhn-users mailing list