Re: Secure Telnet
Kevin Kinsey wrote: > [EMAIL PROTECTED] wrote: >> Can anyone recommend a port for the secure telnet program, or a source >> where I can obtain one? >> > Interestingly enough, if you take a look at the Makefile in > src/libexec/telnetd/ it seems to indicate that FreeBSD's telnetd is > compiled with SSL support; you might attempt telnet from within the BSD > box and see if it works, as telnet(1) seems to indicate that data is > encrypted by default. Grab packets and see if you can read things like > passphrases ;-) [1] FreeBSD telnet only does the crypto thing when talking to another telnet with the same capability. If it has to connect to a telnet without it will gaily send all your passwords and stuff over the net in plain text... As most Solaris 10 users will tell you after the last few days, telnet is more trouble than it is worth. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Secure Telnet
> [EMAIL PROTECTED] wrote: >> I am working with one of my vendors and they are asking for a secure >> telnet program on my FreeBSD box. >> > > [EMAIL PROTECTED] wrote: > > > What's wrong with ssh? > > Indeed. Perhaps you can tell us what client the vendor is using; it > seems likely that most programs that do "secure telnet" will also talk > to sshd. If they're using Windows (most likely) and don't have a > particular "must use" client, PuTTY is fine, and does SSH and telnet > pretty well. > >> Can anyone recommend a port for the secure telnet program, or a source >> where I can obtain one? >> > Interestingly enough, if you take a look at the Makefile in > src/libexec/telnetd/ it seems to indicate that FreeBSD's telnetd is > compiled with SSL support; you might attempt telnet from within the BSD > box and see if it works, as telnet(1) seems to indicate that data is > encrypted by default. Grab packets and see if you can read things like > passphrases ;-) [1] > >> I was able to make rlogin work (from my laptop), but I was not able to >> use >> rlogion from the FreeBSD box since I need to connect to a non-standard >> port (2002). > > Interesting choice of numbers; ssh is port 22. Are you sure they're not > open to using ssh? > >> As an alternative, is it possible to make the rlogin client >> connect to a non-standard port? >> > I wouldn't think of rlogin as an alternative, and, no, the manpage > doesn't seem to indicate this. Also, unless this system isn't publicly > available (and the need for "secure telnet" from a "vendor" seems to > indicate that this isn't the case), you shouldn't allow rlogin; once > again, ssh can do anything rlogin/rsh can, and do it with encryption. > > Kevin Kinsey > DaleCo, S.P. (Jasper, MO!!! Hi!) > > [1] Keep in mind that there **must** be a reason why SSH is preferred > over telnet, even if telnet supports SSL/Kerberos/TLS/Whatever, and > encourage the use of ssh from your vendor if possible. > > -- > Progress is impossible without change, and those who > cannot change their minds cannot change anything. > -- George Bernard Shaw > Thanks. I'll see if there is the "preferred method", and ssh is an alternative. Jay ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Secure Telnet
[EMAIL PROTECTED] wrote: I am working with one of my vendors and they are asking for a secure telnet program on my FreeBSD box. [EMAIL PROTECTED] wrote: > What's wrong with ssh? Indeed. Perhaps you can tell us what client the vendor is using; it seems likely that most programs that do "secure telnet" will also talk to sshd. If they're using Windows (most likely) and don't have a particular "must use" client, PuTTY is fine, and does SSH and telnet pretty well. Can anyone recommend a port for the secure telnet program, or a source where I can obtain one? Interestingly enough, if you take a look at the Makefile in src/libexec/telnetd/ it seems to indicate that FreeBSD's telnetd is compiled with SSL support; you might attempt telnet from within the BSD box and see if it works, as telnet(1) seems to indicate that data is encrypted by default. Grab packets and see if you can read things like passphrases ;-) [1] I was able to make rlogin work (from my laptop), but I was not able to use rlogion from the FreeBSD box since I need to connect to a non-standard port (2002). Interesting choice of numbers; ssh is port 22. Are you sure they're not open to using ssh? As an alternative, is it possible to make the rlogin client connect to a non-standard port? I wouldn't think of rlogin as an alternative, and, no, the manpage doesn't seem to indicate this. Also, unless this system isn't publicly available (and the need for "secure telnet" from a "vendor" seems to indicate that this isn't the case), you shouldn't allow rlogin; once again, ssh can do anything rlogin/rsh can, and do it with encryption. Kevin Kinsey DaleCo, S.P. (Jasper, MO!!! Hi!) [1] Keep in mind that there **must** be a reason why SSH is preferred over telnet, even if telnet supports SSL/Kerberos/TLS/Whatever, and encourage the use of ssh from your vendor if possible. -- Progress is impossible without change, and those who cannot change their minds cannot change anything. -- George Bernard Shaw ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Secure Telnet
On Feb 13, 2007, at 3:35 PM, [EMAIL PROTECTED] wrote: I am working with oone of my vendors and they are asking for a secure telnet program on my FreeBSD box. Can anyone recommend a port for the secure telnet program, or a source where I can obtain one? There's a Kerberized telnet which is probably available from: /usr/ ports/security/krb5 or /usr/ports/security/heimdal, but most people have switched from using telnet to using ssh. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Secure Telnet
On Tue, 13 Feb 2007 23:35:19 - (GMT) [EMAIL PROTECTED] wrote: > I am working with oone of my vendors and they are asking for a secure > telnet program on my FreeBSD box. > What's wrong with ssh? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: secure telnet
I there any way to tell the FBSD telnet server launched by inetd to only accept SRA secure logins? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lowell Gilbert Sent: Saturday, December 27, 2003 10:28 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] ORG Subject: Re: secure telnet "fbsd_user" <[EMAIL PROTECTED]> writes: > What is SRA? Secure RPC Authentication, I think. RFC1416, might be compliant with 2941 as well. > Is the id and password passed as clear text? No. > Where is the documentation on SRA? The RFCs describe the protocol. I don't see why there would be any user interface involved, so I don't know what other kind of documentation would be useful. > Where is the documentation on using these > options to make telnet secure? I don't think there is any in the FreeBSD system or documentation tree. For secure remote login, ssh(1) is superior in every way, even if you use null encryption on the session. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: secure telnet
"fbsd_user" <[EMAIL PROTECTED]> writes: > What is SRA? Secure RPC Authentication, I think. RFC1416, might be compliant with 2941 as well. > Is the id and password passed as clear text? No. > Where is the documentation on SRA? The RFCs describe the protocol. I don't see why there would be any user interface involved, so I don't know what other kind of documentation would be useful. > Where is the documentation on using these > options to make telnet secure? I don't think there is any in the FreeBSD system or documentation tree. For secure remote login, ssh(1) is superior in every way, even if you use null encryption on the session. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"