[TriLUG] how does one permit root telnet

Aaron S. Joyner aaron at joyner.ws
Tue Sep 28 09:05:00 EDT 2004


Ryan Leathers wrote:

>You don't hear this one every day.
>I need to allow root telnet access to a Linux host.
>I think I need to modify /etc/securetty to permit this but I'm not sure
>exactly how, and my experiments so far are fruitless.
>Anyone know?
>
>To prevent a flood of replies encouraging the use of SSH let me just say: in
>this unique case telnet is the ONLY choice.
>
>Ryan
>
>  
>
Okay, this is dangerous.  The use of telnet is bad news to start with, 
but you're sending the root password over the wire in clear text, and 
anyone on that network segment can simply grab it right off, with the 
use of easily available tools in Windows (see http://www.ethereal.com).
So be sure you know what you're in for, and for god's sakes don't do it 
over the Internet.  Telnetting to the machine next to you on the desk on 
a single switch is Okay, but only in some technical not-happy sense of 
"Okay". 

Having said that... on with answering your question.  You can login as 
root via telnet if you add the appropriate tty entries to your 
/etc/securetty file.  What "the appropriate tty entries" are for your 
system depends on how new / old it is.  On a modern system (read: most 
distributions with a 2.4 kernel and newer), it should be something along 
the lines of some entries like this:
pts/0
pts/1
pts/2
pts/3

Essentially what you're adding are the UNIX98 pseudo-terminals that you 
end up logging in on.  To see what those are, login to the box via 
telnet as a regular user, and then run "who" or "w", which will print 
out something akin to this:
  7:58am  up 56 days, 22:11,  1 user,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
asjoyner pts/0    <obscured for posting>  7:58am  0.00s  0.12s  0.02s  w

The TTY entry is an example of what you want to add to /etc/securetty.  
Remember to add as many of the ttys as you think it's likely that people 
will be logged in at a time.  I'd add at least 4.  That ought to get you 
started down the path to destruction.  Please tread lightly and remember 
not to pet the 3-headed dog on your way in.

Aaron S. Joyner
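
A defender-side check for the /etc/securetty change described in this message, as an added example that is not part of the original post: it lists every pts/N entry in a securetty-style file, since those are the lines that let root log in on network pseudo-terminals. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a securetty-style file.
# Root logins arriving over telnet land on pts/N, so any pts/N line means
# root may authenticate over the network in clear text.

# audit_securetty FILE   (hypothetical helper name)
# Prints "<line number>:<entry>" for every pts/<number> entry.
# Returns 0 if none, 1 if at least one, 2 if FILE cannot be read.
audit_securetty() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    found=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Trim surrounding whitespace and a stray CR from DOS-edited files.
        entry=$(printf '%s\n' "$line" | tr -d '\r' |
                sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        case $entry in
            ''|'#'*) continue ;;        # blank line or comment
            pts/|pts/*[!0-9]*) ;;       # not a pts/<number> entry
            pts/*) printf '%s:%s\n' "$lineno" "$entry"; found=1 ;;
        esac
    done < "$file"
    return "$found"
}

# Constructed sample: local consoles plus the four entries from the post.
write_sample_securetty() {
    cat > "$1" <<'EOF'
# local consoles
console
tty1
ttyS0
pts/0
pts/1
pts/2
pts/3
EOF
}

sample=$(mktemp)
write_sample_securetty "$sample"
audit_securetty "$sample" || echo "root login allowed on pseudo-terminals"
rm -f "$sample"
```

On a real host, call `audit_securetty /etc/securetty`; an exit status of 1 means at least one pseudo-terminal entry is present and should be removed once the telnet requirement ends.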



