TTY and PTY Terminals
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Hey, there cyberians and welcome back to
00:00
the Linux plus course here at cybrary,
00:00
I'm your instructor Rob Gels and in today's lesson,
00:00
we're going to be talking about TTY and PTY terminals.
00:00
Upon completion of today's lesson,
00:00
you're going to be able to understand the purpose
00:00
of TTY and PTY terminal types.
00:00
We're going to talk about using terminal types in order
00:00
to limit root access and how
00:00
we can use the ETC
00:00
secure TTY file to restrict root logins.
00:00
In Linux, TTY is this subsystem for terminal access.
00:00
In other words, the console,
00:00
the terminal, the command line,
00:00
whatever we want to call it.
00:00
TTY is actually short for teletype.
00:00
Teletypes were a system of hardware interfaces,
00:00
they were used to send telegrams
00:00
and they were on the telex network.
00:00
These were used on early computer systems
00:00
as the IO devices,
00:00
early human interface
00:00
because they were already out there.
00:00
They were already doing that to
00:00
>> send telegrams to people.
00:00
>> Instead, they just hook them up and
00:00
had them work with computers.
00:00
In the modern Linux system though,
00:00
a TTY is a device file,
00:00
and TTY device files come in
00:00
two different types or two different flavors.
00:00
There's the TTY terminal,
00:00
the real TTY and this is
00:00
when we have direct access to a Linux system.
00:00
We're standing in front of it.
00:00
We have a keyboard monitor and
00:00
>> mouse KVM connected to it,
00:00
>> maybe a crash cart,
00:00
or its a Linux system that's running on
00:00
a laptop and we can log
00:00
into it directly. It's right in front of us.
00:00
We have access to the shell or
00:00
the console physically on the system.
00:00
These type of TTY files are
00:00
found in the device directory.
00:00
The vice subdirectory dev TTY,
00:00
and we can see in the upper right-hand corner,
00:00
the image there,
00:00
in this case, is Dev TTY is zero through nine.
00:00
Now, by comparison,
00:00
PTY terminals or pseudo TTY terminals can be
00:00
accessed by a terminal application running in
00:00
a GUI and if you remember back a while ago,
00:00
I had done an example where I had changed
00:00
to a different interface where it was
00:00
just a text-based interface by doing
00:00
an F1 on my system and then when I
00:00
came back in and we
00:00
displayed the terminal that
00:00
>> I was running, it said PTS zero.
00:00
>> Well, that's because I was running
00:00
the terminal application in a GUI in the VM.
00:00
These types of terminals
00:00
are ones that are not actually
00:00
physically in front of the machine.
00:00
They're running from a GUI and a
00:00
lot of times it's also when you remotely
00:00
connecting and accessing that terminal over SSH.
00:00
This basically is just, we're using this.
00:00
We're not actually in front of
00:00
the system sources, pseudo TTY,
00:00
and these are found in the dev
00:00
PTS directory and then they're
00:00
given a number for each one of
00:00
these pseudo terminals that we're using,
00:00
we can see zero and one are
00:00
an example there in the lower
00:00
>> right-hand corner as well.
00:00
>> Now on most Linux systems,
00:00
it is a best practice to use
00:00
pseudo rather than using the route to login
00:00
and some systems administrators even go as far as to
00:00
disable the root account and entirely for logging in.
00:00
But I think that's a little too far.
00:00
Another way that's a little bit easier to do it is
00:00
that you can limit the locations.
00:00
In other words, the terminals are TTY
00:00
is where the root user can log in.
00:00
This can be configured by using a PAM module.
00:00
The module is PAM underscore secure TTY dot
00:00
SO and then modifying
00:00
the ETC secure TTY configuration file.
00:00
As an example that secure TTY file ETC
00:00
secure TTY limits your logins
00:00
to only the devices that are specified in the file,
00:00
only the TTYs that are written in there.
00:00
Wireless system may have 64 TTY files.
00:00
If we're physically in front of a console,
00:00
we can really only use 12 configured TTY sessions.
00:00
This is because if you look down at your keyboard,
00:00
we have F1-F12 and so to use all of
00:00
>> those TTY we would do Alt F1 to change to
00:00
>> TTY1 all the way up to alt F12 to change to TTY12.
00:00
That's the only thing that we could do
00:00
physically from the system in front of it.
00:00
Therefore, if we want to limit
00:00
the ability of root to login to
00:00
only physical access in front of the console.
00:00
We can specify just those TTYs in at CTC security TTY.
00:00
We would just put in TTY1 through TTY12 and then
00:00
nobody can log in as root
00:00
unless they're standing right in front of the system.
00:00
But with that, we've gotten to the end of this lesson.
00:00
In this lesson, we covered the purpose of
00:00
the TTY and PTY terminal types.
00:00
We talked about how terminal types
00:00
can be used to restrict free login.
00:00
Then we talked about limiting root login by
00:00
modifying the ETC security TTY file.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in the next lesson.
Up Next
Instructed By
Similar Content
