20 Dec
2021
20 Dec
'21
12:18 a.m.
BTW Josh Dersch (I don?t know if he is here) posted this on Facebook. I logged in and
couldn?t resist dropping a shell script to telnet to my DZ. that?s the driver for this
sudden worry about security.
? It was getting cold here in the basement today so I fired up the 11/750, running
4.3bsd-quasijarus. If anyone wants to play around with it, ssh to vax750 at
yahozna.dyndns.org (pw: vax750) and then login again as "guest"... tell your
friends!?
---
Supratim Sanyal, W1XMT
QCOCAL::SANYAL via HECnet
On Dec 19, 2021, at 6:07 PM, Johnny Billquist <bqt
at softjar.se> wrote:
?And by the way, I would really just change what hours you are allowed to log in as
local. I wouldn't start mucking about with the line attributes.
Also, I'd create a second user with SETPRV, and then you can mess up SYSTEM as much
as you want. Then it's easy to recover with your other user.
Johnny
On 2021-12-20 00:05, Johnny Billquist wrote:
I think the console is *always* possible to log in on, no matter what else you do.
And beyond that, you can always also just break into the system at boot on the console,
and change accounting information. So it's always recoverable.
Johnny
> On 2021-12-20 00:02, Supratim Sanyal wrote:
> Ok. A couple of things to try. Wanted a confidence boost to not lock myself out.
Thanks.
>
>> On Dec 19, 2021, at 5:49 PM, Johnny Billquist <bqt at softjar.se> wrote:
>>
>> ?Yes, or /REMOTE... But, by default, a DZ line would be classified as local. If
you set them as remote or dialup, it should also start playing with modem signalling...
>>
>> Johnny
>>
>>> On 2021-12-19 23:47, Keith Halewood wrote:
>>> Don?t you just set the line characteristics with
>>> SET TERM/DIALUP TT?.. and that?s classed as non-local?
>>> K
>>>>> On 19 Dec 2021, at 22:39, Johnny Billquist <bqt at softjar.se>
wrote:
>>>>
>>>> ?Uh... You do understand what the line "local" means, right?
>>>> That's what your DZ lines normally would be classified as.
>>>>
>>>> Johnny
>>>>
>>>>> On 2021-12-19 23:23, Supratim Sanyal wrote:
>>>>> OpenVMS VAX 7.3: This stops remote logins to SYSTEM even if correct
password is provided (works for set host and telnet with Digital TCP/IP, though my version
of MULTINET does not honor it).
>>>>> Is there a way to deny SYSTEM account access when correct password is
provided from DZ lines?
>>>>> Network: ----- No access ------ ----- No access
------
>>>>> Batch: ##### Full access ###### ##### Full access
######
>>>>> Local: ##### Full access ###### ##### Full access
######
>>>>> Dialup: ----- No access ------ ----- No access
------
>>>>> Remote: ----- No access ------ ----- No access
------
>>>>> Thank you.
>>>>> Supratim
>>>>
>>>> --
>>>> Johnny Billquist || "I'm on a bus
>>>> || on a psychedelic trip
>>>> email: bqt at softjar.se || Reading murder books
>>>> pdp is alive! || tryin' to stay hip" - B.
Idol
>>
>> --
>> Johnny Billquist || "I'm on a bus
>> || on a psychedelic trip
>> email: bqt at softjar.se || Reading murder books
>> pdp is alive! || tryin' to stay hip" - B. Idol
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol