[nycbug-talk] A couple of security related questions

[Bjorn Nelson]

Kevin,

> : I only want people to be able to log in as root from the console, no 
> ssh,
> : telnet is totally disabled.
>
> By default, root is denied login access via SSH, but a user can login 
> and do
> "su" to root.  I'm not sure if that's what you're talking about though.
> (That applies not only to BSD, but also in Linux.)

I think he is asking if there is a way to do the equivalent of setting 
CONSOLE=/dev/console in /etc/defaults/login in Solaris.  I don't know 
of an equivalent, but as you mentioned, you can do a lot of 
authentication tricks in ssh: user, group, key allow for instance.

-Bjorn