True. All true. However, I use telnet only on my small network of 192.168.1/24 (which is about 5 machines overall).

So basically, I know what I'm doing, thanks. I never really did like some of the ssh clients for some reason, so I just use whatever I'm comfortable with (usually just the base telnet/xterm/whatever_window_comes_with_the_gui/console, an old telnet software for Windows that I've used for years).

Across long distances I'm not stupid to use telnet, however. I use ssh regularly, and I've been known to occasionally tunnel telnet (and some http) thru port 22 also. I don't believe I've never knowingly exposed login passwords on the internet since 2000.

I also give away pop and ftp accounts (to my friends). I give them the /sbin/nologin shell for that. What can I do, can't persuade everybody to use sftp.

On the other hand, I also have another computer that has installed on it ssh auth keys for directly logging in to my other machines (local & my friend's machine offsite) (it's programmed to do something every night), so no telnet on that--the only thing running there is sshd. And it has a completely different set of passwords. (If I had a spare keyboard & monitor I would've just run no service on it.) Different rules for a different purpose.

Your hatred of telnet is understandable, but some of us (including in our day office job) actually still like it--it still has a place. But thanks for your inputs.

jondz

On Mon, 2003-09-15 at 03:38, Rafael 'Dido' Sevilla wrote:
> On Mon, Sep 15, 2003 at 02:35:58AM -0400, JondZ wrote:
> > alternatively, if you need to use telnet, open it but
> > control it thru tcp wrappers (/etc/xinetd.d/telnet in
> > newer redhat). I use telnet but allow only hosts
> > from my local net. Works great.
> >
>
> Until someday someone decides to install a password sniffer on a box on
> your local network and sees all of your passwords going by in the clear.
> It is then a simple matter to hijack one of your tcp wrappers trusted
> hosts and access your supposedly "safe" host. Or if someone decides to
> mount an IP spoofing attack and pretends to be the target to one of your
> wrapped hosts (still possible with ssh, but not if you use it the way it
> is supposed to be used). IP addresses should never be considered
> trusted, not unless there is a cryptographic certificate of some sort
> standing behind it. Granted ssh does a less than optimal job of
> managing these trust relationships (the old versions of SSH blindly
> added certificates to the ~/.ssh/known_hosts file for instance), but it
> at least provides a framework on which you can do this. Strong
> authentication is an absolute necessity in this day and age, and getting
> into bad habits in this respect on what you might mistakenly feel are
> "safe" local networks may translate into those same bad habits being used
> on dangerous public networks. In my mind, that's a good enough reason
> to deprecate the protocol altogether and never use it at all.
>
> Better not to use telnet at all, ever again. There are decent, Free ssh
> clients available even for lesser OSes like Windows that are better than
> the really terrible telnet client that MS appears to have shipped along
> with Windows as an afterthought, so that is no longer an excuse. The
> only good telnet or ftp is a Kerberized one.
>
> --
> Philippine Linux Users' Group (PLUG) Mailing List
> [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
> Official Website: http://plug.linux.org.ph
> Searchable Archives: http://marc.free.net.ph
> .
> To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
> .
> Are you a Linux newbie? To join the newbie list, go to
> http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie

--
JondZ <[EMAIL PROTECTED]>
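An added example, not part of either post: a small auditor for the xinetd setup the thread debates, which flags cleartext login services that are enabled and shows when their only protection is a source-address filter. The sample configuration is constructed; the `pop3` service name and the server paths are assumptions, and `disable` and `only_from` are standard xinetd attributes.

```python
import re

# Services from the thread that carry logins in cleartext (names are assumptions).
CLEARTEXT = {"telnet", "ftp", "pop3"}

# Constructed sample in the /etc/xinetd.d file format; not taken from the thread.
SAMPLE = """\
# default: on
service telnet
{
    disable     = no
    socket_type = stream
    server      = /usr/sbin/in.telnetd
    only_from   = 192.168.1.0/24
}
service pop3
{
    disable     = yes
    server      = /usr/sbin/ipop3d
}
"""

def parse_xinetd(text):
    """Return {service_name: {attribute: value}} for each service stanza."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        m = re.match(r"service\s+(\S+)$", line)
        if m:
            current = services.setdefault(m.group(1), {})
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # xinetd also accepts "+=" and "-="; treat them as plain assignment
            current[key.strip().rstrip("+-").strip()] = value.strip()
    return services

def audit(text):
    """List findings for cleartext services that are not disabled."""
    findings = []
    for name, attrs in parse_xinetd(text).items():
        if name not in CLEARTEXT or attrs.get("disable", "no") == "yes":
            continue
        acl = attrs.get("only_from")
        note = (f"only_from={acl} filters by source address only" if acl
                else "no only_from restriction")
        findings.append(f"{name}: enabled, cleartext login; {note}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```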
