Wouldn't it just be enough to close port 23 with IP chains? I like to leave 
myself a "just-in-case" entry if one or the other stops working for whatever
reason so I can be sure to be able to get into my box should I need to. I
have the telnet port closed to all traffic except one IP address for that very
reason.
-- 
Mark

"If you don't share your concepts and ideals, they end up being worthless," 
"Sharing is what makes them powerful."

                                Linus Torvalds
On Sunday 14 January 2001 02:39 am, you wrote:
> Can I just add these two things.... Be sure and comment out Telnet in
> either inetd.conf or in xinetd.d  .... you'd be surprised how many boxes
> with ssh installed still have telnet running. Second, comment out the
> services for telnet in /etc/services. In fact comment out everything you
> don't use, want or know in this section.  (if something complains about a
> port it's easier to open it up than it is to repair after a hack job.)
>
> James
>
> just my two cents..... and we all know what two cents will get you these
> days.
>
> On Sat, 13 Jan 2001 17:55:47 -0500
>
> Mark Weaver <[EMAIL PROTECTED]> wrote:
> > Thanks everyone for the info. I've got ssh running on both my workstation
> > and home PC and can connect securely now and that makes me feel a bit
> > better than having everything on an open channel.
> >
> > thanks
> > --
> > Mark
> >
> > "If you don't share your concepts and ideals, they end up being
> > worthless," "Sharing is what makes them powerful."
> >
> >                             Linus Torvalds
> >
> > On Thursday 11 January 2001 01:13 am, you wrote:
> > > Homepage: http://www.openssh.com/
> > >
> > > In short, ssh works similarly to telnet.  The difference is that with
> > > telnet, you feed the login name at a prompt.  With ssh, you give the
> > > login name on the command line.  (ssh user@host)  ie:
> > >
> > > [EMAIL PROTECTED]
> > >
> > > If you omit the username (ssh deathstar.empire.com) ssh uses the
> > > username of your current local login.
> > >
> > > The big difference between telnet and ssh is that communications
> > > using ssh travel over an encrypted tunnel whereas communications
> > > with telnet are transmitted in the clear (plaintext).  To be able
> > > to ssh into a machine, it needs to be running sshd.  Most
> > > configurations run sshd as a standalone daemon and not in inetd (or
> > > xinetd) but you can choose that alternative if you feel so inclined.
> > > If you use the Mandrake RPMs (they come stock with 7.2 and are
> > > available as a download during install for 7.0 and 7.0), sshd will
> > > be setup for you.  Using drakxservices, simply select sshd as one of
> > > the services to start on boot.  Alternatively, you can get generic
> > > RPMs from the URL above.  They too should show as an option in
> > > drakxservices.  You can, of course, manually start and stop the
> > > service by:
> > >
> > > /etc/rc.d/init.d/ssh start
> > > /etc/rc.d/init.d/ssh stop
> > >
> > > The first time you ssh into a host, you will be asked to accept a
> > > key, choose yes and that computer will have an ID in your
> > > ~/.ssh/known_hosts file.  Should that key ever change, you will be
> > > notified and should contact the remote machine's administrator to
> > > see if the key should have changed.  If you are told it shouldn't
> > > have changed, then you have indication of a security issue such as
> > > a "man-in-the-middle attack".  Possible legitimate reasons for key
> > > change include the remote administrator deciding to change keys, a
> > > re-install of sshd, and a re-install of the remote server.  This
> > > is not an all-inclusive list.
> > >
> > > ssh also provides some other benefits including automatic X
> > > forwarding (ssh -X) where you can ssh to a remote machine, start
> > > an X program and have it display on your local machine with no
> > > pre-configuration on your part.  The transmission of the remote
> > > program will also take place over your encrypted ssh tunnel.
> > > Finally (of the quick overview), there is scp (secure copy) that
> > > allows you to transfer (encrypted tunnel) files between ssh capable
> > > hosts.  'man scp' for the gory details.  Other sources of
> > > information include the man pages for ssh and sshd.
> > >
> > > Good luck and enjoy,
> > >
> > >   Woody
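
The check James describes above (telnet still enabled in inetd.conf or xinetd.d on a box that already runs ssh), as an added example that is not part of the original thread. The function names are hypothetical and the sample config files are constructed for the demo; on a real machine pass /etc/inetd.conf and /etc/xinetd.d.

```shell
#!/bin/sh
# Added example: report whether telnet is still offered by inetd or xinetd.

# inetd.conf: the service is live when its line is not commented out.
inetd_telnet_enabled() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*telnet[[:space:]]' "$1"
}

# xinetd.d: a telnet service file is live unless it sets "disable = yes".
xinetd_telnet_enabled() {
    [ -d "$1" ] || return 1
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*service[[:space:]]+telnet[[:space:]]*([{]|$)' "$f" || continue
        grep -Eiq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f" || return 0
    done
    return 1
}

# Prints one finding per source; returns 1 if telnet is enabled anywhere.
audit_telnet() {
    rc=0
    if inetd_telnet_enabled "$1"; then echo "ENABLED: telnet line in $1"; rc=1; fi
    if xinetd_telnet_enabled "$2"; then echo "ENABLED: telnet service under $2"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK: telnet not enabled in $1 or $2"; fi
    return "$rc"
}

# Constructed sample configs (not taken from any real host).
make_samples() {
    d=$(mktemp -d) && mkdir -p "$d/on/xinetd.d" "$d/off/xinetd.d" || return 1
    printf 'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd\n' > "$d/on/inetd.conf"
    printf '#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd\n' > "$d/off/inetd.conf"
    printf 'service telnet\n{\n\tdisable = no\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$d/on/xinetd.d/telnet"
    printf 'service telnet\n{\n\tdisable = yes\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$d/off/xinetd.d/telnet"
    echo "$d"
}

# Demo against the constructed samples: one hardened set, one with telnet live.
demo_dir=$(make_samples)
audit_telnet "$demo_dir/off/inetd.conf" "$demo_dir/off/xinetd.d"
audit_telnet "$demo_dir/on/inetd.conf" "$demo_dir/on/xinetd.d" || true
rm -rf "$demo_dir"
```

A clean result only says the super-server configuration no longer offers telnet; inetd or xinetd still has to be reloaded before the listener on port 23 goes away.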


