10 Mar
2017
10 Mar
'17
10:38 p.m.
On Fri, Mar 10, 2017 at 08:25:25PM +0800, Jason Stevens wrote:
I've now got it working and it made me think a
little.
In order to do these "serial ports over TCP" things, we basically are
putting login prompts out to the Internet. Is it possible to restrict
things so the only user allowed on ttyN is 'uucp', or should I just
put in iptables rules to only allow traffic from my UUCP peers?
john
Use the 4.3BSD branch. In these systems, I've set the serial ports
as insecure in /etc/ttys, so people can't login as root. Then, remove
all users from the password file (with vipw) except root and uucp. Or,
keep one non-root user for you to login as.
If you leave vax780 running in 'screen', you can still login as root there.
Cheers, Warren