Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!uunet!mcsun!cernvax!achille
From: achille@cernvax.UUCP (achille petrilli)
Newsgroups: comp.sys.apollo
Subject: Re: Root login over TCP/IP network
Keywords: SR10.1
Message-ID: <1109@cernvax.UUCP>
Date: 5 Oct 89 11:03:34 GMT
References: <282@hhb.UUCP>
Reply-To: achille@cernvax.UUCP (achille petrilli)
Organization: CERN European Laboratory for Particle Physics, CH-1211 Geneva, Switzerland
Lines: 35

In article <282@hhb.UUCP> leonh@hhb.UUCP (leon howorth) writes:
>This may have been covered before, but I missed the information. 
>
>My question is: What entries do I need to make to an SR10.1 apollo 
>systems /etc/ttys file in order to permit root login over the TCP/IP 
>network. My existing /etc/ttys file on the apollo node is as follows:
>
... 
>-- 
>Leon A. Howorth			|  UUCP:  ....princeton!hhb!leonh
>Computer Operations Manager	|  ARPA:  leonh%hhb@princeton.edu
>HHB Systems			| VOICE:  201-848-8000 ext. 243
>Mahwah, New Jersey 07430	|   FAX:  201-848-8189

I changed /etc/ttys to prevent anybody (root included and me excluded)
from logging in via telnet/rlogin to my node. Here it is my /etc/ttys,
you just have to change "off" to "on" to tell the system that each port
is secure. 
#
# ttys - terminal initialization data
# 
#device  getty/program      term    on/off  other flags  comment

console	"/etc/dm_or_spm"   apollo  on             # use mkcon to redirect console output
ttyp0	none		dialup		off
ttyp1	none		dialup		off
ttyp2	none		dialup		off
...
ttypf	none		dialup		off

For those of you who don't know how to turn off all other user accounts
from my node, I created a /etc/d_users file containing just my user name.
Hope this helps,
	Achille Petrilli
	Cray & PWS Operations