[rhn-users] Root login with telnet

Bill Watson bill at magicdigits.com
Thu Jun 29 21:10:51 UTC 2006


Thanks for all the replies! I knew I was stepping in it before I hit send.

Many of my users have to first be taught the subtle differences between
typing a delete key vs a backspace. This is both a blessing and a burden.
Bubba and Chainsaw have problems reading the keys and are convinced some of
them are spelled wrong. I am starting to think that 'num lock' should have
been labeled 'numb lock'. The only disgruntled employee that caused problems
has now 2 felony convictions for data tampering and took 10 minutes to fix
and was documented with 100 pages of logs. I didn't think she was that
stupid, but she proved me wrong.

As far as a trojan sniffer goes, with everything on switches instead of
hubs, how would one sniffer ever see the packet passed between anybody else?
From all the network monitoring tools (professional sniffers) documentation
that I have read, switches defeat these tools from operation. How wouldn't
it also defeat malicious sniffers? If there are sniffers that can blow
through switches, then I need to get software made by these folks as the
expensive stuff isn't up to the task.

Understanding how something can blow through a switch will help me protect
against it.

I have wifi, but all (both) access points are secure.

So far my only hack (knock on wood) was when I had a RedHat machine that had
port 22 ssh open. So now I do, and I advise others to lock that down tight
as well. Without doubt, ssh port 22 is not immune.

I do not deny that some super clever trojan could eat my lunch, but as of
today I have read nothing about anything capable of reading packets that are
not directed to their port on an unmanaged switch.

I guess I consider myself a realistic paranoid. One actual example of a
switch blowing sniffer would get me to change immediately, but zero won't.

Bill Watson
bill at magicdigits.com

-----Original Message-----
From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com] On
Behalf Of Sean Countryman
Sent: Thursday, June 29, 2006 12:31 PM
To: Red Hat Network Users List
Subject: RE: [rhn-users] Root login with telnet


Let me get this straight.  You actually trust your users?  You are certain
that they don't have the capability to install a sniffer?  Are you really
sure that they haven't accidentally installed a Trojan by clicking on some
web site or opening some email?  You are really sure that they haven't
opened up their desktop to some determined hacker somewhere who is now using
their desktop to scan your network so that he/she can extend their influence
and grab more machines on your network..?

You are sure that there isn't an insecure WiFi port somewhere that
broadcasts out to a parking lot across the street?

You are sure that one of your employee's 15 year old kids hasn't come to
work today with their laptop and plugged into your network?

Don't think it can't happen to you, that's the worst sort of security
problem you can have.  If there is any Internet connectivity in your
organization at all, then you have to be as paranoid as possible at all
times or you will eventually be hacked.

As for your switches protecting you...  don't bet the farm on it.  There are
many possibilities that might allow somebody to still sniff your network.
Don't ever feel safe or comfortable, you lose your edge as an
administrator.  You have to constantly think of every possible security flaw
your system might have and actively defend your network against these things.

I heavily recommend you pick up some books on hacking and read them (even
set up a sandbox network to test things out yourself).  The first time you
see the results of how easy it can be to break into your own network, you'll
see why people are suggesting you don't use telnet for your root account.
Frankly, I haven't used telnet since '99; I only use SSH and never as
root directly.  I always log in as a non-privileged account and then su to
root.

Never, ever, ever trust anyone.  Your job is to defend your network and
protect the data.  There is no such thing as being too paranoid.  Trust me,
hack your own network and you'll never rest easy again.

- Sean




On Thu, 2006-06-29 at 12:10 -0700, Bill Watson wrote:
> I have heard often the trauma of sending passwords in clear text over 
> the network. If one has port 23 isolated from the internet and in a 
> typical office environment, is there still risk? There is zero chance 
> that any employee is capable of such interception, and the network 
> switches wouldn't allow said person the opportunity if they could.
> 
> Please explain the actual risks so I am enlightened.
> 
> Thank you,
> Bill Watson
> bill at magicdigits.com
> 
> -----Original Message-----
> From: rhn-users-bounces at redhat.com 
> [mailto:rhn-users-bounces at redhat.com] On Behalf Of Joe Ogulin
> Sent: Thursday, June 29, 2006 12:00 PM
> To: Red Hat Network Users List
> Subject: Re: [rhn-users] Root login with telnet
> 
> 
> Michael Chien wrote:
> > Hi all,
> > 
> > I've noticed that when trying to telnet into RHEL AS 4, and NOT using
> > SSH, I am unable to log in as root directly, I have to log in as user
> > and SU.
> > 
> > But with SSH connection, I can login with root account straight away.
> > 
> > Is there a way to change this security feature so direct root login
> > can be done with regular telnet?
> 
> There probably is (I'm not going to bother researching it), but it is 
> a really bad idea to do that, as the telnet protocol sends clear text 
> passwords over the network... assuming you are not on a kerberized 
> system/subnet.
> 
> Realistically, you should also edit /etc/ssh/sshd_config
> and change the "PermitRootLogin" option.  Setting it to 
> "without-password" will allow you to log in if you have the 
> appropriate /root/.ssh/authorized_keys permissions.
> 
> Joe
> 

_______________________________________________
rhn-users mailing list
rhn-users at redhat.com https://www.redhat.com/mailman/listinfo/rhn-users
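
Added example, not part of the original thread: a small audit of the "PermitRootLogin" option in sshd_config that Joe's reply mentions. sshd takes the first value it finds for a keyword and treats keywords case-insensitively; the function names, the result labels and the sample config are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Report the global PermitRootLogin value of an sshd_config file.
# $1: path to the config file. Prints the value, or "unset" if none is set
# before the first Match block (settings after Match are conditional).
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }                # global section ends here
        key == "permitrootlogin" {
            val = tolower($2)
            gsub(/"/, "", val)                 # value may be quoted
            print val; found = 1; exit         # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Map the value to what it means for root logins (labels are hypothetical).
classify_root_login() {
    case "$(effective_permit_root_login "$1")" in
        no)                                 echo "root-login-disabled" ;;
        without-password|prohibit-password) echo "root-key-only" ;;
        forced-commands-only)               echo "root-forced-commands-only" ;;
        yes)                                echo "root-password-allowed" ;;
        unset)                              echo "default-depends-on-version" ;;
        *)                                  echo "unrecognized" ;;
    esac
}

# Constructed sample config, not taken from any real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sshd_config (constructed sample)
Port 22
permitrootlogin without-password
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin yes
EOF
classify_root_login "$sample"
rm -f "$sample"
```

The later "PermitRootLogin yes" lines in the sample do not change the global result, because the first occurrence is the one sshd uses and the last one sits inside a Match block.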





