allow root rlogin from certain hosts?


Post by Ruediger Winkelma » Fri, 08 Oct 1999 04:00:00



Greetings!

I know you can specify the allowed ttys for root-logins but
I was wondering if there is a way to enable remote login as root
for certain hosts instead. I was thinking of hosts listed in
/etc/hosts.equiv which to my impression would really make sense
(in case you think you are rather safe from ip-spoofing of course).
Is there a possibility to enable this which eluded me so far?

BCNU
 Ruediger

--

http://www.gargoyles.ch/duncan            May the winds be with you!

 
 
 


Post by Fabrice Lhomm » Sat, 09 Oct 1999 04:00:00


> I know you can specify the allowed ttys for root-logins but
> I was wondering if there is a way to enable remote login as root
> for certain hosts instead. I was thinking of hosts listed in
> /etc/hosts.equiv which to my impression would really make sense
> (in case you think you are rather safe from ip-spoofing of course).
> Is there a possibility to enable this which eluded me so far?

You can use tcpwrappers. It can allow/deny access to every service on
your host.

For IP spoofing, the kernel firewall facility allows you to define rules
to reject spoofed IPs.

Fabrice.

 
 
 


Post by Ruediger Winkelman » Sun, 10 Oct 1999 04:00:00


Hello Fabrice!


>> I know you can specify the allowed ttys for root-logins but
>> I was wondering if there is a way to enable remote login as root
>> for certain hosts instead. I was thinking of hosts listed in
>> /etc/hosts.equiv
> You can use tcpwrappers. It can allow/deny access to every service on
> your host.

Well that's not what I was looking for, I didn't want to enable/disable
rlogin in common but I wanted to explicitly -allow- remote login
with user root for a certain list of hosts (on a local network) to my
linux box, to every other host remote login should still be allowed but
only for normal users, not for root (which is the common policy).

BCNU
 Ruediger

 
 
 


Post by Roy Stogn » Sun, 10 Oct 1999 04:00:00



>Well that's not what I was looking for, I didn't want to enable/disable
>rlogin in common but I wanted to explicitly -allow- remote login
>with user root for a certain list of hosts (on a local network) to my
>linux box, to every other host remote login should still be allowed but
>only for normal users, not for root (which is the common policy).

I think you can do this with ssh; check the sshd man page.  You make a
.shosts (or .rhosts) file for root, then set a config variable on sshd
to prevent root logins from hosts not listed.
---
Roy Stogner
 
 
 


Post by Ruediger Winkelman » Mon, 11 Oct 1999 04:00:00


Hello Roy!


>>Well that's not what I was looking for, I didn't want to enable/disable
>>rlogin in common but I wanted to explicitly -allow- remote login
>>with user root for a certain list of hosts (on a local network) to my
>>linux box, to every other host remote login should still be allowed but
>>only for normal users, not for root (which is the common policy).
> I think you can do this with ssh; check the sshd man page.  You make a
> .shosts (or .rhosts) file for root, then set a config variable on sshd
> to prevent root logins from hosts not listed.

I know it's possible to log in as root via ssh (and I don't have any
objections against logging in from anywhere as root using ssh, it's
safe enough for my purposes) but I can't seem to get sshd to work
properly on my local box. I can log in to a comp at college using
my ssh at home but for some reason it won't work the other way round
or from my first local comp to the other.
When I try to log in, sshd complains about "bad modes for /root".
Neither the debug-option for ssh nor for sshd gives me any further
hints about the error.

BCNU
 Ruediger

--

http://www.gargoyles.ch/duncan            May the winds be with you!

 
 
 


Post by Roy Stogn » Mon, 11 Oct 1999 04:00:00



>I know it's possible to log in as root via ssh (and I don't have any
>objections against logging in from anywhere as root using ssh, it's
>safe enough for my purposes) but I can't seem to get sshd to work
>properly on my local box. I can log in to a comp at college using
>my ssh at home but for some reason it won't work the other way round
>or from my first local comp to the other.
>When I try to log in, sshd complains about "bad modes for /root".
>Neither the debug-option for ssh nor for sshd gives me any further
>hints about the error.

That's why you've got the source code.  ;-)

It looks like sshd is complaining about the permissions on the /root
directory being too lenient.  Is your /root directory world writeable?
If so, *fix it now*.  I don't think sshd will complain if the
directory is just world readable, but you might want to check on that
too just in case.  And the actual rhosts files themselves probably
shouldn't be world readable or writeable.
---
Roy Stogner
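
An added example, not part of the thread and not taken from sshd's source: a shell audit of the conditions Roy describes, covering the home directory and the `.rhosts`/`.shosts` files inside it. The function names are hypothetical, and treating group-writable as a failure alongside world-writable is an assumption modelled on how OpenSSH's `StrictModes` check behaves.

```shell
#!/bin/sh
# Audit the permissions that rhosts-style trust depends on.
# Usage: audit_rhosts_trust HOME_DIR OWNER_UID   (returns 1 on any finding)

check_path() {
    path=$1; uid=$2; rc=0
    [ -e "$path" ] || return 0      # absent file: nothing to audit
    # Owner must be the account itself or root (uid 0).
    if [ -z "$(find "$path" -prune \( -user "$uid" -o -user 0 \) -print)" ]; then
        echo "BAD owner: $path"; rc=1
    fi
    # Group- or world-writable: someone else could plant or edit trust entries.
    if [ -n "$(find "$path" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "BAD modes (group/world writable): $path"; rc=1
    fi
    return $rc
}

audit_rhosts_trust() {
    home=$1; uid=$2; status=0
    check_path "$home" "$uid" || status=1
    for f in .rhosts .shosts; do
        check_path "$home/$f" "$uid" || status=1
        # The trust files themselves should not be world readable either.
        if [ -f "$home/$f" ] && \
           [ -n "$(find "$home/$f" -prune -perm -0004 -print)" ]; then
            echo "WARN world readable: $home/$f"; status=1
        fi
    done
    return $status
}

# Constructed demo: a throwaway "home" with the fault described above.
demo=$(mktemp -d)
chmod 0777 "$demo"
audit_rhosts_trust "$demo" "$(id -u)" ||
    echo "=> fix: chmod go-w on the home directory, chmod 600 on the trust file"
rm -rf "$demo"
```

On a real system this would be run as `audit_rhosts_trust /root 0` before looking further into sshd's debug output.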