On Wed, 5 Jul 2000, Shachar Shemesh wrote:

> The system will not let you telnet nor ftp as root. This is a security
> feature (I am not sure what it secures, but so be it).

But if you want to disable the use of /etc/ftpusers and /etc/securetty you
can alternatively disable the checks for them in the relevant pam config
files under /etc/pam.d/ (login and ftp, I believe).

> 
> I think the best way for you to do this (also in terms of security) is to
> install OpenSSH. It is free, supports both versions of SSH (1 and 2), and
> works great with Linux.
> 
> I am not very familiar with Mandrake in particular. If I remember correctly,
> and it is based on RedHat, you can download the RedHat RPMS. If not, I am not
> sure what you can do besides downloading the main package and compiling and
> installing. You can find everything in http://www.openssh.com. Follow the
> "linux" links on the left, as the main package is built for OpenBSD, and
> several patches are necessary (all there).

Mandrake has an official openssh package. Get the openssl and openssh
packages from:
ftp://iglu.org.il/pub/distributions/Mandrake-crypto/7.1/ (or any other
Mandrake-crypto mirror)

RedHat has its own official packages (ssh 1.2.27). I don't remember where
exactly.

> 
> Either way, there are a few defaults that you may wish to change. The default
> server key length is 768 bits, which I find a little low. I set it to 1024. I
> also set the default protocol to be SSH2, which is more secure, and doesn't
> use the patented RSA algorithm for authentication (/etc/ssh/ssh_config and
> /etc/ssh/sshd_config).
> 
> If you are not installing from an RPM, you may have a bit of trouble getting
> the server to run with PAM (it will tell you your user's password is
> incorrect). Inside the source tree there is a directory called "redhat", in
> which you can find both a ready script to place in the rc directory for
> automatic startup, and a sample PAM file (which you will have to rename to
> sshd from sshd.pam). Again, I am not sure how relevant that is to the
> Mandrake install.
> 
> As for an SSH client - if you are using Unix (linux being a Unix for the sake
> of this discussion), simply install OpenSSH there too. If you are using
> Windows, I think the best option is called "TeraTerm", which is free (source
> available, though it is not opensource), along with a plugin called "ttssh".
> This will only give you telnet, not file transfer, but is the best free
> solution I could find.

You can use zmodem for file transfers with ttssh (rz or sz on the server,
and then file->file transfers->zmodem->send/receive).

I would also suggest you spend some time configuring it, as it has some
not-so-useful defaults. But it is a pretty nice terminal emulation.

> 
> There is also an almost free solution, which has file transfer, available
> from www.ssh.com. I like its terminal emulation less than TTerm, but it is
> more convenient for ssh operations, and supports SSH2.

And there is also MindTerm from http://www.mindbright.se/mindterm/ 

It is a nice ssh client, written in java. It can also run as an applet
(and thus you avoid the need to install it in every windows machine). It
also has a nice scp client, and even ftp port forwarding support.

> 
> That's it. Just RTFM "ssh" and "scp", and you have a secured solution, that
> will allow you to log in and transfer files as root, while not exposing your
> passwords on the network.

To log in as root you will need to change a line in sshd_config.

> 
>                       Shachar
> 
> 
> Richard Fiedler wrote:
> 
> > I have Mandrake 7.1 up and running and for maintenance purposes I want to
> > log on remotely as root for telnet and ftp from another system.
> >
> > Right now this seems to be defeated by the system. Can I change this?

-- 
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
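
An added example, not part of the original messages: a Python check that reports which of the three root-login controls discussed in this thread are active on a host (the /etc/securetty check in the login PAM file, the /etc/ftpusers check in the ftp PAM file, and the root-login line in sshd_config). The names PermitRootLogin, pam_securetty.so and pam_listfile.so are the standard OpenSSH and Linux-PAM ones, which the thread does not spell out; the sample file contents are constructed.

```python
import re

# PAM line: type, control (plain word or [bracketed list]), module path, arguments
PAM_LINE = re.compile(r"-?(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def sshd_globals(text):
    """Global sshd_config settings; sshd keeps the first value given for a keyword."""
    seen = {}
    for raw in text.splitlines():
        parts = re.split(r"\s*=\s*|\s+", raw.strip(), maxsplit=1)
        if not parts[0] or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":      # what follows is conditional, not global
            break
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip())
    return seen

def pam_auth_modules(text):
    """(module file name, argument list) for each active auth line of a PAM file."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        m = None if line.startswith("#") else PAM_LINE.match(line)
        if m and m.group(1) == "auth":
            found.append((m.group(3).rsplit("/", 1)[-1], m.group(4).split()))
    return found

def audit_root_login(sshd_config, pam_login, pam_ftp):
    """Summarise the root-login controls found in the three config texts."""
    ssh = sshd_globals(sshd_config)
    return {
        "sshd PermitRootLogin": ssh.get("permitrootlogin", "unset (build default applies)"),
        "login checks /etc/securetty": any(
            mod == "pam_securetty.so" for mod, _ in pam_auth_modules(pam_login)),
        "ftp checks /etc/ftpusers": any(
            mod == "pam_listfile.so" and "file=/etc/ftpusers" in args
            for mod, args in pam_auth_modules(pam_ftp)),
    }

# Constructed sample contents, not taken from a real host.
SSHD = "# sshd_config\nPort 22\nPermitRootLogin no\nPermitRootLogin yes\n"
PAM_LOGIN = "auth required /lib/security/pam_securetty.so\n"
PAM_FTP = ("#auth required /lib/security/pam_listfile.so item=user sense=deny "
           "file=/etc/ftpusers onerr=succeed\n"
           "auth required /lib/security/pam_pwdb.so shadow nullok\n")

if __name__ == "__main__":
    for control, state in audit_root_login(SSHD, PAM_LOGIN, PAM_FTP).items():
        print(f"{control}: {state}")
```

On a real host, pass in the contents of /etc/ssh/sshd_config, /etc/pam.d/login and /etc/pam.d/ftp instead of the sample strings.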


