I DO wish people would face reality :P and recognize that the systems that get delivered "out of the box" with secure telnet enabled on them = zero. While there are secure telnet implementations available, they require additional work to get them installed and configured. The kind of people who know about things like that don't ask these kinds of questions on this mailing list.
When the additional effort to implement OpenSSH = none, and secure telnet = non-zero, most people who care about security will go with the path of least resistance, particularly since things like scp and sftp come along "for free." When the Linux distribution providers start making secure telnet a part of their packaging, I'll stop warning people away from telnet. Mark Post -----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark Sent: Tuesday, March 02, 2004 11:18 AM To: [EMAIL PROTECTED] Subject: Re: Redhat Version 3 On Tuesday, 03/02/2004 at 10:35 EST, "Post, Mark K" <[EMAIL PROTECTED]> wrote: > I would expect that telnet is not enabled by default, which is a good thing, > since it is inherently insecure. I DO wish people wouldn't say things like that. While folks may *choose* not to use (or ignore the existence of) a secure telnet implementation, they do exist. Just wrap telnet in an SSL/TLS wrapper and you can use secure telnet clients (e.g. IBM PCOMM, Seagull Bluzone 3270, ...). On a side note, remember that encryption levels can always be negotiated to "none". Be sure your sessions really are secure. This usually means telling one side or the other that "none" is not one of the available encryption suites. Alan Altmark Sr. Software Engineer IBM z/VM Development
