LinuxQuestions.org
Old 10-16-2023, 01:00 PM   #1
HytronBG
LQ Newbie
 
Registered: Oct 2023
Posts: 10

Rep: Reputation: 0
Cannot disable root login / Slackware Linux 15.0


Hi!

I have been using Slackware Linux since the 90s and have never seen this issue before. But something has changed with Slackware Linux 15.0.

Back in the day (even with the previous Slackware 14.2), you would comment out all the ttys in /etc/securetty to disallow direct root login. But my current /etc/securetty looks like this:

console
tty0
tty1
tty2
tty3

...and I am still able to log in to the machine by telnetting to it.

Does anyone know how to fix this? This is obviously a HUGE security risk that was not addressed before Slackware 15.0 was released. Slackware 15.0 was the first version to introduce PAM, and no matter what I add to the /etc/pam.d/login file I am still able to log in directly to the root account using telnet. Does anyone have any idea?

(I typically log in using telnet to my username and then from there if I need root access I would use: su - )


TIA!

Last edited by HytronBG; 10-16-2023 at 01:44 PM.
 
Old 10-16-2023, 03:21 PM   #2
Petri Kaukasoina
Senior Member
 
Registered: Mar 2007
Posts: 1,849

Rep: Reputation: 1519
Code:
cp /etc/pam.d/login /etc/pam.d/remote
But you know that telnet has no security, don't you?
 
2 members found this post helpful.
Old 10-16-2023, 04:44 PM   #3
HytronBG
LQ Newbie
 
Registered: Oct 2023
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Petri Kaukasoina View Post
Code:
cp /etc/pam.d/login /etc/pam.d/remote
But you know that telnet has no security, don't you?
Yes I know, it is used on a local network only with no other users.
 
Old 10-16-2023, 11:22 PM   #4
Petri Kaukasoina
Senior Member
 
Registered: Mar 2007
Posts: 1,849

Rep: Reputation: 1519
So, was the problem solved when you tried the correct PAM config file name /etc/pam.d/remote ?
 
1 members found this post helpful.
Old 10-17-2023, 07:14 AM   #5
HytronBG
LQ Newbie
 
Registered: Oct 2023
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Petri Kaukasoina View Post
So, was the problem solved when you tried the correct PAM config file name /etc/pam.d/remote ?
That's it!! My distribution did not come with the file /etc/pam.d/remote. Not sure why! I kept messing around with /etc/pam.d/login but it had no effect! As soon as you mentioned the remote file I copied the content of /etc/pam.d/login (as you mentioned) and here we go! It works!

Just to add... I had no previous experience with PAM. This was the first distribution of Slackware that came with PAM enabled and installed.

Thanks again for your input!! It helped a lot!

Darko

Last edited by HytronBG; 10-17-2023 at 07:17 AM.
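
Added example, not part of any post in this thread: a small audit for the gap described above, where /etc/pam.d/login carries the root-terminal restriction but /etc/pam.d/remote is missing, so telnet logins are not covered. It assumes the restriction is enforced by a `pam_securetty.so` auth line; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the root-terminal restriction covers both the
# "login" (local) and "remote" (telnet) PAM services.
# Assumption: /etc/securetty is enforced by pam_securetty.so in the auth stack.

# has_securetty FILE -> 0 if FILE has an uncommented auth line using pam_securetty.so
has_securetty() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$1"
}

# audit_root_login PAM_DIR SECURETTY -> prints findings; exit status = number of findings
audit_root_login() {
    pam_dir=$1 securetty=$2 findings=0
    for svc in login remote; do
        if [ ! -f "$pam_dir/$svc" ]; then
            # With no file of its own, Linux-PAM falls back to the "other" service.
            echo "MISSING: $pam_dir/$svc"
            findings=$((findings + 1))
        elif ! has_securetty "$pam_dir/$svc"; then
            echo "WEAK: $pam_dir/$svc has no active pam_securetty.so auth line"
            findings=$((findings + 1))
        fi
    done
    # Network sessions run on pseudo-terminals; listing them permits root there.
    if [ -f "$securetty" ] && grep -Eq '^[[:space:]]*pts/' "$securetty"; then
        echo "WEAK: $securetty lists pseudo-terminals (pts/*)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample tree mirroring the thread: "login" exists, "remote" does not.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/pam.d"
    printf 'auth required pam_securetty.so\nauth required pam_unix.so\n' > "$d/pam.d/login"
    printf 'console\ntty0\ntty1\ntty2\ntty3\n' > "$d/securetty"
    echo "$d"
}

# Demo on the constructed tree; reports the missing "remote" file.
d=$(make_sample) && {
    audit_root_login "$d/pam.d" "$d/securetty" || echo "findings: $?"
    rm -rf "$d"
}
```

To audit a real system, call `audit_root_login /etc/pam.d /etc/securetty` as root.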
 
Old 10-17-2023, 01:07 PM   #6
glennmcc
Member
 
Registered: Jan 2021
Location: North Jackson, Ohio (USA)
Distribution: slackware64-15.0
Posts: 556

Rep: Reputation: 315
Uuummm....

As you point out, you only use telnet locally.

So, to prevent such a really bad security risk from the WAN...
close port 23 on your router so that telnet can _only_ be used on the LAN

Here on my router, the _only_ port that is open to the WAN is 80 for httpd
all other ports such as 21, 22, 23, etc...etc.. are closed to the WAN
so that their services can only be used on the LAN

BTW, a much better method for accessing machines within the LAN is ssh instead of telnet
and of course, rsync works great for transferring files between machines on the LAN

Last edited by glennmcc; 10-17-2023 at 02:16 PM.
 
2 members found this post helpful.
Old 10-17-2023, 03:07 PM   #7
metaed
Member
 
Registered: Apr 2022
Location: US
Distribution: Slackware64 15.0
Posts: 371

Rep: Reputation: 172
Quote:
Originally Posted by HytronBG View Post
it is used on a local network only with no other users
Hopefully an isolated network. Otherwise, the intruder who compromises any device on the local network can mine your TELNET packets for plaintext passwords, replay them, and become root on your system.
 
1 members found this post helpful.
Old 10-18-2023, 09:29 AM   #8
HytronBG
LQ Newbie
 
Registered: Oct 2023
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by glennmcc View Post
Uuummm....

As you point out, you only use telnet locally.

So, to prevent such a really bad security risk from the WAN...
close port 23 on your router so that telnet can _only_ be used on the LAN

Here on my router, the _only_ port that is open to the WAN is 80 for httpd
all other ports such as 21, 22, 23, etc...etc.. are closed to the WAN
so that their services can only be used on the LAN

BTW, a much better method for accessing machines within the LAN is ssh instead of telnet
and of course, rsync works great for transferring files between machines on the LAN
I have ports 21 through 23 all blocked on my Cisco firewall. SSH is available, just on a different high random port that I assigned. When I had ssh on the standard port 22, there were soooo many attempts and they were continuous! These bots or people just don't give up!

As far as telnet goes... yeah, it's just a quick way for me to hop from switch to local machines (You can probably tell I have used Linux since the 90s haha), but yes, telnet and all unencrypted traffic is closed on my Cisco firewall (except port 80 for http).
 
Old 10-18-2023, 09:31 AM   #9
HytronBG
LQ Newbie
 
Registered: Oct 2023
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by metaed View Post
Hopefully an isolated network. Otherwise, the intruder who compromises any device on the local network can mine your TELNET packets for plaintext passwords, replay them, and become root on your system.
Yeah, it's a bit isolated on my second segment of my router... but yes, you are right!
 
Old 10-18-2023, 01:22 PM   #10
metaed
Member
 
Registered: Apr 2022
Location: US
Distribution: Slackware64 15.0
Posts: 371

Rep: Reputation: 172
Quote:
Originally Posted by HytronBG View Post
it's a bit isolated on my second segment of my router... but yes, you are right
I have a soft spot in my heart for early protocols, but in your shoes I would switch to ssh instead of taking the risk.
 
  

