On Fri, 4 Aug 1995, Darren Reed wrote:
> What I'd like to propose is that firewalls and other systems which
> require the use of reusable passwords take preventative measures,
> to stop a potentially harmful/critical password being entered across
> an insecure medium. ie if it sees the username "root" given to the
> "login:" prompt, it drops the connection immediately with no
> "Password:" prompt sent back. And it does the same for anyone who has
> a trusted account (ie group wheel, etc). You may wish to alter this
> policy for ssh/STEL/deslogin accesses, as appropriate.
<clip>
> If something already has this behaviour, please point me at it, but as
> far as I am aware, nothing will stop you entering a password if you
> have already entered a username, especially if it is valid.
A properly configured S/Key system will prevent this. The trick is the
/etc/skey.access file to require S/Key from non-local sites. I have a
particular login that does not require S/Key locally, but will not accept
the reusable password remotely. S/Key is required for remote login on
that ID.
Nothing prevents me from *trying* to enter the password from a remote site
and having it sniffed, but it won't be accepted. A short between the
headphones is a different problem entirely.
The combination of tcp_wrappers, S/Key and logdaemon is a rather
configurable way to tighten access. The logdaemon package in addition
allows configurable use of login names. I have root completely disabled
from all but the local console, for example. Groups can be controlled in
similar ways.
Comments welcome if I have missed something...
Michael Brennen
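Added illustration, not part of the thread: a minimal model of the S/Key one-time-password chain showing why a response that is sniffed in transit is useless when replayed, which is the property the reply above relies on. It substitutes SHA-256 for RFC 1760's MD4 and uses a constructed secret and seed.

```python
import hashlib


def skey_step(value: bytes) -> bytes:
    """One step of the chain: hash, then fold the digest down to 64 bits
    (S/Key folds its hash output to 8 bytes; SHA-256 here is an assumption
    standing in for RFC 1760's MD4)."""
    digest = hashlib.sha256(value).digest()
    folded = bytearray(8)
    for i, b in enumerate(digest):
        folded[i % 8] ^= b
    return bytes(folded)


def skey_chain(secret: str, seed: str, n: int) -> bytes:
    """hash^n(seed || secret). The client derives this; the server stores
    only the current top of the chain, never the secret."""
    value = (seed + secret).encode()
    for _ in range(n):
        value = skey_step(value)
    return value


class SkeyServer:
    """Holds hash^n and accepts a response r only if hash(r) == stored,
    then moves the stored value down to r so the same r cannot be reused."""

    def __init__(self, stored: bytes, n: int):
        self.stored = stored
        self.n = n

    def verify(self, response: bytes) -> bool:
        if self.n <= 0 or skey_step(response) != self.stored:
            return False
        self.stored = response
        self.n -= 1
        return True


def demo():
    # Constructed sample values for the demonstration.
    secret, seed, n = "correct horse battery", "ex12345", 100
    server = SkeyServer(skey_chain(secret, seed, n), n)
    response = skey_chain(secret, seed, server.n - 1)   # what the user types
    first = server.verify(response)                     # accepted once
    replay = server.verify(response)                    # sniffed copy: rejected
    next_ok = server.verify(skey_chain(secret, seed, server.n - 1))
    return first, replay, next_ok
```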