Wednesday, October 29, 2008

How To Enable Telnet For Root User

Just add entries to the end of the /etc/securetty file:
...
pts/0
pts/1
pts/2
...
pts/10

I mistakenly entered 'pts0' etc. It should be 'pts/0'. There was no
need to restart in Red Hat 7.x. I could telnet as root both from WinNT
and another Linux host.

Using SSH is highly recommended as telnet as root is a definite security
risk.

HTH
----------------------------------------------------------------------
You really shouldn't do this, you should log in as another user and then
use 'su' to access the root account.
( Actually, you should disable telnet altogether and use ssh instead =)

The reasons for that are as follows:

1) Telnet is not an encrypted protocol. This means that any network you go through on your way to your system has the potential to sniff the packets you are sending, and gain the data you are transmitting, including your root password.
( Note that using su doesn't solve this problem.)

2) Instead of having to hack a user account first and THEN root, an intruder can go straight for the root account, so you have pretty much cut the time for a brute-force attack in half.

But, putting all security concerns aside, if you edit /etc/securetty and add pts[0-f] (formerly ttyp[0-f]) you should be able to log in as root via telnet. (Unsure if you need to reboot or not.)

This file controls which terminals root can log in from, and ptsx are the ports used when telnetting into Linux. (On Red Hat 6.2 anyway.)

Alternatively, you can edit the /etc/pam.d/rlogin file and comment out the line:

auth required /lib/security/pam_securetty.so

which will disable the use of the securetty file altogether.
( Very much _not_ recommended, but I thought I should mention it )

Hope that helps.

These folks are right, you should disable telnet and use ssh only. Beyond that you should set ssh to refuse a root login. Log in as a normal user and su to root.
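
An added example, not part of the original post or its replies: a small shell audit for the two settings the thread discusses, pts entries in a securetty file (including the slash-less 'pts0' form, which matches no terminal) and a commented-out pam_securetty line in a PAM service file. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the two settings discussed in the thread.

# List securetty entries that let root log in on a pseudo-terminal (the
# terminals telnet and rlogin sessions get), and entries missing the slash.
audit_securetty() {  # $1 = securetty-format file
    awk '
        NF == 0 || $1 ~ /^#/                { next }   # blank line or comment
        $1 ~ /^(pts\/[0-9]+|ttyp[0-9a-f])$/ { print "ROOT-REMOTE " $1; next }
        $1 ~ /^pts[0-9]+$/                  { print "MALFORMED " $1 }
    ' "$1"
}

# Report whether a PAM service file still enforces pam_securetty.
audit_pam() {  # $1 = PAM service file, e.g. /etc/pam.d/rlogin
    if grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$1"; then
        echo ENFORCED
    else
        echo DISABLED
    fi
}

# Constructed sample files (not taken from a real host).
make_samples() {  # $1 = directory to write into
    printf '%s\n' '# constructed sample' tty1 tty2 pts/0 pts/1 pts2 \
        > "$1/securetty"
    printf '%s\n' 'auth required /lib/security/pam_securetty.so' \
                  'auth required /lib/security/pam_unix.so' > "$1/pam_ok"
    printf '%s\n' '#auth required /lib/security/pam_securetty.so' \
                  'auth required /lib/security/pam_unix.so' > "$1/pam_off"
}

# Run the audits over the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_securetty "$demo_dir/securetty"
echo "pam_ok:  $(audit_pam "$demo_dir/pam_ok")"
echo "pam_off: $(audit_pam "$demo_dir/pam_off")"
rm -rf "$demo_dir"
```

On a real host, point audit_securetty at /etc/securetty and audit_pam at each file under /etc/pam.d that a remote login service uses.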
