Rocky Linux 9 - Disable Telnet For Root User Remotely

Previous versions of Linux did not allow a root user to log in to the terminal/console via telnet. You could log in as root only if you were at the server/console, but even on the same network you should not be able to log in as root directly. Previously you could log in as a normal user and then su to root, but it should never allow a root user to telnet in directly. Any help would be greatly appreciated to hopefully set this up the way it used to be.

Sorry to crash the party, but things are quite different now. So, telnet is a technology that was common 20 years ago. You had better use ssh/sshd for console access on your servers now.
Not sure if I need to explain the differences. Briefly, ssh is secure, at least a couple of orders of magnitude more.

PS: and there is no difference between telnetting+su and telnetting+root, both credentials are transmitted in cleartext!


Additionally, the default in el9 is that “ssh+root” requires ssh keypair – password (which would be transmitted encrypted) is not allowed for root.

One does “secure” telnet by not having telnet … (which is the default anyway).

Let’s say you install telnet for fun, and it’s allowed through the firewall, would it really allow a standard user to login, e.g. using el9?

Yes, they still have the package in the distribution for install with Rocky Linux 9 and it works just like it always has. It is just scary that it would allow the root user to log in remotely, because it did not use to allow that. A standard user had to log in first and then su to root to get admin rights, unless root logged in from the console/server directly. There used to be an /etc/securetty file where you could list out where root could log in from, normally defaulted to console or like tty. It just was very easy to set up and use since we use a text-based server and not the graphical interface.

I am aware that it's older technology, but it is still available with Rocky 9. I am moving to ssh for security reasons, but I never had an issue with telnet if a proper firewall or iptables was set up to not allow access from outside sources.

What’s scary is that telnet-server is still available in EL9 at all. There really is no reason to use it.

…and you really shouldn’t be using su much anymore either. Nowadays sudo is used to give users with admin rights the ability to run root commands and/or become root using their own password.

Use ssh, it does not require or generally use a GUI. The main difference is that ssh establishes a trusted secure encrypted console session. ssh has been the standard for console logins for well over 20 years now.

Not just “older technology”: it has zero encryption and zero security against any kind of MITM or eavesdropping attack. Telnet is simply no longer viable for server console logins, full stop, especially ones which have any kind of root access at all.

Firewalls are no excuse for using telnet. Security is layered and good security does not rely on a single point of failure. There are many ways in which a firewall can be breached and if that happens then you may as well be leaving the door to your server wide open to attackers.

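Added example, not part of any post in this thread: a small shell audit for the two points raised above, namely whether root can log in over ssh with a password and whether anything is listening on the telnet port. The function names and sample inputs are constructed for illustration; on a live host the inputs would come from `sshd -T` (which resolves Include files, unlike this parser) and `ss -Htln`.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample inputs are constructed.

# Print the global PermitRootLogin value from sshd_config text or `sshd -T`
# output on stdin. sshd keeps the first value it reads for a keyword, keywords
# are case-insensitive, and lines after a Match line are conditional, so the
# scan stops there. With nothing set, OpenSSH defaults to prohibit-password.
permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        { sub(/=/, " "); key = tolower($1) }    # accept "Keyword=value" too
        key == "match" { exit }
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }
    '
}

# Turn the value into a verdict. `sshd -T` reports prohibit-password under its
# older alias without-password, so both are treated as key-only.
root_ssh_verdict() {
    case "$(permit_root_login)" in
        no) echo "root-ssh-disabled" ;;
        prohibit-password|without-password) echo "root-ssh-key-only" ;;
        forced-commands-only) echo "root-ssh-forced-commands-only" ;;
        yes) echo "root-ssh-password-allowed" ;;
        *) echo "unknown" ;;
    esac
}

# Succeed if `ss -Htln` output on stdin shows a TCP listener on port 23.
# Column 4 is the local address:port.
telnet_listening() {
    awk '$4 ~ /:23$/ { hit = 1 } END { exit !hit }'
}

# Constructed samples: the first PermitRootLogin line wins over the later "yes".
SAMPLE_SSHD='# constructed sample
permitrootlogin without-password
PermitRootLogin yes
Match User backup
    PermitRootLogin forced-commands-only'
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 *:23 *:*'

printf '%s\n' "$SAMPLE_SSHD" | root_ssh_verdict
printf '%s\n' "$SAMPLE_SS" | telnet_listening && echo "telnet-listener-present"
```

On a real server, run `sshd -T | root_ssh_verdict` and `ss -Htln | telnet_listening` as root.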