It was pointed out to me in private e-mail that I mistakenly assumed
telnet to be telnet and not ssh. I'm quoting parts of the private
e-mail I received to the list in the hopes of educating others on the
use of ssh.
On Mon, Oct 30, 2006 at 04:04:34PM -0500, Eric Furman wrote:
| On Mon, 30 Oct 2006 10:12:58 +0100, "Paul de Weerd" <[EMAIL PROTECTED]>
| said:
| > You offered no such thing, I'm afraid. If you haven't used telnet for
| > nearly ten years[1], why do you still type it at the command line ?
|
| telnet is a link to ssh. I thought that was obvious.
Not quite, no. Apart from breaking stuff for your users, you even used
the wrong semantics for ssh (telnet) in your script :
> for box in $BOXES
> do
> { sleep 5;echo "username";sleep 2;echo "password";sleep 2;
> echo"sudo do some command left as exercise for reader";
> sleep 3;echo "exit"; } |telnet $box 2>>/tmp/rcmd.error 1>/dev/null
> done
You first echo "username" and then "password". If you've used telnet
and ssh(1) a few times, you'd know that telnet/telnetd will ask for a
username, ssh/sshd will not. The last combination defaults to your
current username or takes the one given on the commandline.
If you knew a bit about the inner workings of both, you'd also know
why this is. Your example script uses telnet-style semantics and the
telnet-commandname. That makes it somewhat unlikely that it really is
the ssh-binary you're executing. Unless of course you have no
experience in writing scripts like these, in which case I see no
reason for you to bad mouth Otto for voicing his opinion *against*
your script.
| > Don't pipe sleep and echo's (esp. passwords) to telnet. Not a good
|
| It's not actually telnet.
This is wrong in sooooo many ways. If you want to prevent your users
from using telnet, replace telnet with a `echo telnet is deprecated,
use ssh in stead`-script. But as I indicated in my original e-mail,
there's a lot of use for telnet(1), so you may not want to do this.
You keep using telnet when you really shouldn't be using this. When
you or your users are on another system, you'll stick to using telnet.
This is soooo wrong.
Educate yourself and your users. Learn to use ssh. Even on trusted
networks - it's just good practice.
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
[demime 1.01d removed an attachment of type application/pgp-signature]
