netbsd-help: Re: ssh & netbsd

Subject: Re: ssh & netbsd
To: Brian Stark <netbsd-help@netbsd.org>
From: None <phaeton@phaetonic.cx>
List: netbsd-help
Date: 11/13/1999 02:03:19
I could be wrong, but you probably want to edit /etc/sshd_config or
sshd_config, wherever it may be, and look for the option to disable root
logins.

----- Original Message -----
From: Brian Stark <bstark@uswest.net>
To: <netbsd-help@netbsd.org>
Sent: Saturday, November 13, 1999 1:33 AM
Subject: ssh & netbsd


> Hello,
>
> I installed ssh from the package collection today and I noticed that my
> defintions of secure terminals in /etc/ttys are being ignored when
> using ssh. For example:
>
> callisto:bstark$ tty
> /dev/ttyp5
> callisto:bstark$ ssh -l root callisto
> root@callisto's password:
> Last login: Sat Nov 13 03:23:11 1999 from localhost
> NetBSD 1.4.1 (CALLISTO) #5: Sat Nov  6 00:20:51 CST 1999
>
> You have new mail.
> callisto:root# cat /etc/ttys | grep secure
> console "/usr/libexec/getty Pc"         pc3     off secure
> ttyE0   "/usr/libexec/getty Pc"         vt220   on  secure
> ttyE1   "/usr/libexec/getty Pc"         vt220   off secure
> ttyE2   "/usr/libexec/getty Pc"         vt220   off secure
> ttyE3   "/usr/libexec/getty Pc"         vt220   off secure
> tty00   "/usr/libexec/getty std.9600"   unknown off secure
> tty01   "/usr/libexec/getty std.9600"   unknown off secure
> tty02   "/usr/libexec/getty std.9600"   unknown off secure
> tty03   "/usr/libexec/getty std.9600"   unknown off secure
> tty04   "/usr/libexec/getty std.9600"   unknown off secure
> tty05   "/usr/libexec/getty std.9600"   unknown off secure
> tty06   "/usr/libexec/getty std.9600"   unknown off secure
> tty07   "/usr/libexec/getty std.9600"   unknown off secure
> callisto:root# tty
> /dev/ttyp0
> callisto:root# w
>  3:28AM  up  3:43, 5 users, load averages: 1.25, 1.14, 0.93
> USER    TTY FROM              LOGIN@  IDLE WHAT
> bstark   E0 -                12:51AM  2:36 /usr/X11R6/bin/xinit -- -bpp 16
> root     p0 localhost         3:28AM     0 w
> bstark   p2 :0.0              2:50AM     0
> bstark   p5 :0.0              1:40AM     0 ssh -l root callisto
> callisto:root# exit
> Connection to callisto closed.
> callisto:bstark$ login root
> Password:
> root login refused on this terminal.
> login:
>
>
> >From the above example you can see that root logins should only be
> allowed on ttyE0, but by using ssh root was able to login on ttyp0.
> Exiting out of ssh, and trying to login as root does fail (as
> expected).
>
> Can anyone explain this? I would like to have ssh setup on my system
> so that I can use that to access the system via the Internet, and at
> the same time know that the root user will not be able to login
> via the Internet using ssh. Am I missing something here??
>
> Thanks,
>
> Brian
> bstark@uswest.net
>