Subject: ssh & netbsd
To: None <netbsd-help@netbsd.org>
From: Brian Stark <bstark@uswest.net>
List: netbsd-help
Date: 11/13/1999 03:33:45

Hello,

I installed ssh from the package collection today and I noticed that my
definitions of secure terminals in /etc/ttys are being ignored when
using ssh. For example:

callisto:bstark$ tty
/dev/ttyp5
callisto:bstark$ ssh -l root callisto
root@callisto's password:
Last login: Sat Nov 13 03:23:11 1999 from localhost
NetBSD 1.4.1 (CALLISTO) #5: Sat Nov 6 00:20:51 CST 1999
You have new mail.
callisto:root# cat /etc/ttys | grep secure
console "/usr/libexec/getty Pc" pc3 off secure
ttyE0 "/usr/libexec/getty Pc" vt220 on secure
ttyE1 "/usr/libexec/getty Pc" vt220 off secure
ttyE2 "/usr/libexec/getty Pc" vt220 off secure
ttyE3 "/usr/libexec/getty Pc" vt220 off secure
tty00 "/usr/libexec/getty std.9600" unknown off secure
tty01 "/usr/libexec/getty std.9600" unknown off secure
tty02 "/usr/libexec/getty std.9600" unknown off secure
tty03 "/usr/libexec/getty std.9600" unknown off secure
tty04 "/usr/libexec/getty std.9600" unknown off secure
tty05 "/usr/libexec/getty std.9600" unknown off secure
tty06 "/usr/libexec/getty std.9600" unknown off secure
tty07 "/usr/libexec/getty std.9600" unknown off secure
callisto:root# tty
/dev/ttyp0
callisto:root# w
3:28AM up 3:43, 5 users, load averages: 1.25, 1.14, 0.93
USER TTY FROM LOGIN@ IDLE WHAT
bstark E0 - 12:51AM 2:36 /usr/X11R6/bin/xinit -- -bpp 16
root p0 localhost 3:28AM 0 w
bstark p2 :0.0 2:50AM 0
bstark p5 :0.0 1:40AM 0 ssh -l root callisto
callisto:root# exit
Connection to callisto closed.
callisto:bstark$ login root
Password:
root login refused on this terminal.
login:

From the above example you can see that root logins should only be
allowed on ttyE0, but by using ssh root was able to log in on ttyp0.
Exiting out of ssh, and trying to log in as root does fail (as
expected).

Can anyone explain this? I would like to have ssh set up on my system
so that I can use that to access the system via the Internet, and at
the same time know that the root user will not be able to log in
via the Internet using ssh. Am I missing something here??

Thanks,
Brian
bstark@uswest.net
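
Added example, not part of the original message: the "secure" flag in /etc/ttys is checked by login(1), while sshd authenticates users itself and applies its own PermitRootLogin setting, so the two gates have to be audited separately. The sample file contents are constructed (the ttyp0 line and the sshd_config fragment are assumptions, not taken from the message), and the function names are hypothetical.

```python
import shlex

# Constructed sample in the /etc/ttys format quoted in the message; the
# ttyp0 line is an assumed pseudo-terminal entry, not taken from the message.
SAMPLE_TTYS = """\
console "/usr/libexec/getty Pc" pc3 off secure
ttyE0 "/usr/libexec/getty Pc" vt220 on secure
tty00 "/usr/libexec/getty std.9600" unknown off secure
ttyp0 none network
"""

# Constructed sshd_config fragment (not from the message).
SAMPLE_SSHD = """\
# constructed example
Port 22
PermitRootLogin no
"""

def parse_ttys(text):
    """Map tty name -> set of flags (on, off, secure, ...) from ttys(5) text."""
    ttys = {}
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)  # keeps the quoted getty command whole
        if len(fields) >= 3:
            name, _command, _termtype, *flags = fields
            ttys[name] = set(flags)
    return ttys

def login_allows_root(ttys, tty):
    """login(1) accepts root only on a tty marked secure."""
    return "secure" in ttys.get(tty, set())

def permit_root_login(sshd_config):
    """Return the first PermitRootLogin value (lower-cased), or None if unset."""
    for line in sshd_config.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].lower() == "permitrootlogin":
            return fields[1].lower()
    return None

def root_paths(ttys_text, sshd_config, tty):
    """Report both independent gates for a root login arriving on `tty`."""
    value = permit_root_login(sshd_config)
    return {
        "login(1)": login_allows_root(parse_ttys(ttys_text), tty),
        # Assumption: only an explicit "no" blocks every form of root ssh login.
        "sshd": value != "no",
        "PermitRootLogin": value,
    }
```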