leonh@hhb.UUCP (leon howorth) (10/04/89)
This may have been covered before, but I missed the information. My question is: What entries do I need to make to an SR10.1 apollo systems /etc/ttys file in order to permit root login over the TCP/IP network. My existing /etc/ttys file on the apollo node is as follows: ********************************************************************** # # ttys - terminal initialization data # #device getty/program term on/off other flags comment console "/etc/dm_or_spm" apollo on secure # use mkcon to redirect console output display none apollo off secure # DM pad devices tty01 none dumb off secure tty02 none dumb off secure tty03 none dumb off secure ********************************************************************** -- Leon A. Howorth | UUCP: ....princeton!hhb!leonh Computer Operations Manager | ARPA: leonh%hhb@princeton.edu HHB Systems | VOICE: 201-848-8000 ext. 243 Mahwah, New Jersey 07430 | FAX: 201-848-8189
achille@cernvax.UUCP (achille petrilli) (10/05/89)
In article <282@hhb.UUCP> leonh@hhb.UUCP (leon howorth) writes: >This may have been covered before, but I missed the information. > >My question is: What entries do I need to make to an SR10.1 apollo >systems /etc/ttys file in order to permit root login over the TCP/IP >network. My existing /etc/ttys file on the apollo node is as follows: > ... >-- >Leon A. Howorth | UUCP: ....princeton!hhb!leonh >Computer Operations Manager | ARPA: leonh%hhb@princeton.edu >HHB Systems | VOICE: 201-848-8000 ext. 243 >Mahwah, New Jersey 07430 | FAX: 201-848-8189 I changed /etc/ttys to prevent anybody (root included and me excluded) from logging in via telnet/rlogin to my node. Here it is my /etc/ttys, you just have to change "off" to "on" to tell the system that each port is secure. # # ttys - terminal initialization data # #device getty/program term on/off other flags comment console "/etc/dm_or_spm" apollo on # use mkcon to redirect console output ttyp0 none dialup off ttyp1 none dialup off ttyp2 none dialup off ... ttypf none dialup off For those of you who don't know how to turn off all other user accounts from my node, I created a /etc/d_users file containing just my user name. Hope this helps, Achille Petrilli Cray & PWS Operations
weber_w@apollo.HP.COM (Walt Weber) (10/05/89)
In article <282@hhb.UUCP> leonh@hhb.UUCP (leon howorth) writes: >This may have been covered before, but I missed the information. > >My question is: What entries do I need to make to an SR10.1 apollo >systems /etc/ttys file in order to permit root login over the TCP/IP >network. Leon - You need to add entries to /etc/ttys which cover the pseudo-ttys, like this: ttyp0 none dumb off secure You might also wish to look at the manpage for login(1), in case you want additional levels of restriction by using /etc/d_passwd and /etc/d_users files by changing "dumb" to "dialup" for the pseudo-ttys. ...walt... -- Walt Weber Apollo Systems Division, Hewlett Packard (508) 256-6600 x8315 People's Republic of Massachusetts -The views expressed herein are personal, and not binding on ANYONE-