Subject: Re: telnet and remote login
To: Larry Colen <lrc@recourse.com>
From: Greywolf <greywolf@starwolf.com>
List: port-i386
Date: 03/13/2001 22:36:51
On Tue, 13 Mar 2001, Larry Colen wrote:

# Adam,
#
# 1) Logging in via telnet is usually what's known as a "bad idea".
#    Passwords are passed "in the clear"; anyone with a sniffer can get
#    your password.

This I won't argue with.

#
# 2) logging in as root is usually what's known as a "bad idea".
#    You want to spend as little time as root as you can lest you
#    accidentally do something like rm -rf . from /.

This I won't argue heavily with; I think this is a matter of taste.
In my current work environment, we need to be sshing around as root
a lot, or not at all.  It's rare that "su" falls into play.

Personally, I like working in an environment where we can get our
work done (security pundits be damned); we used to restrict it when we were
back at rsh, but ssh is a different matter.

Your tastes may vary.

# What to do?
#
# 1) Create a user account.
#
# 2) Log in as that user via ssh.
#
# I think that my NetBSD 1.5 installed with sshd running.
#
# There is a configuration file that can specifically allow/disallow
# root telnet. You really don't want to be sending your root password
# over the net in the clear.

That's a no-brainer, certainly.

				--*greywolf;
--
*BSD: Mach 3 stealthOS, undetectable by media radar.
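
The three settings this thread turns on (telnet being offered at all, root being accepted on network terminals, and root being accepted over ssh) can be checked with a short audit script. This is an added example, not part of the original message. The thread does not name the configuration file, so the inetd.conf, ttys(5) and sshd_config file names and field layouts used here are assumptions about a stock BSD layout, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example; the sample files are constructed, not taken from a real host.
# File names and field layouts are assumptions about a stock BSD layout.

# "yes" if the inetd.conf-style file has an uncommented telnet service line.
telnet_enabled() {
    awk '$1 == "telnet" { on = 1 } END { print (on ? "yes" : "no") }' "$1"
}

# Names of ttys(5) entries of type "network" that carry the "secure" flag,
# i.e. pseudo-terminals on which root may log in directly.
root_network_ttys() {
    awk '!/^#/ { net = sec = 0
                 for (i = 2; i <= NF; i++) {
                     if ($i ~ /^#/) break      # rest of the line is a comment
                     if ($i == "network") net = 1
                     if ($i == "secure") sec = 1
                 }
                 if (net && sec) print $1 }' "$1"
}

# First PermitRootLogin value in an sshd_config-style file, or "unset".
# The keyword is matched case-insensitively and the first occurrence wins.
sshd_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); hit = 1; exit }
         END { if (!hit) print "unset" }' "$1"
}

# Write constructed sample files into directory $1.
write_samples() {
    printf '%s\n' '#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -ll' \
        'telnet stream tcp nowait root /usr/libexec/telnetd telnetd' > "$1/inetd.conf"
    printf '%s\n' 'console "/usr/libexec/getty Pc" vt100 on secure' \
        'ttyp0 none network' 'ttyp1 none network secure' > "$1/ttys"
    printf '%s\n' '#PermitRootLogin no' 'Port 22' 'permitrootlogin yes' > "$1/sshd_config"
}

d=$(mktemp -d) && write_samples "$d"
echo "telnet enabled:        $(telnet_enabled "$d/inetd.conf")"
echo "root-capable net ttys: $(root_network_ttys "$d/ttys")"
echo "sshd PermitRootLogin:  $(sshd_root_login "$d/sshd_config")"
rm -rf "$d"
```

To audit a real host, pass copies of its own files to the three functions instead of the constructed samples.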