Re: in.telnetd vulnerability??

From: adam morley (adam@gmi.com)
Date: 08/04/01


Date: Fri, 3 Aug 2001 15:27:41 -0700 (PDT)
From: adam morley <adam@gmi.com>
To: Ryan Russell <ryan@securityfocus.com>
Subject: Re: in.telnetd vulnerability??
Message-ID: <Pine.GSO.4.10.10108031524420.24983-100000@gmi.com>

On Fri, 3 Aug 2001, Ryan Russell wrote:

>On Fri, 3 Aug 2001, adam morley wrote:
>
>> as an admin, i don't think i would like to hide the fact that a session
>> has become insecure from the user. just too worried some other admin
>> would pop in and type in a root password and let it fly across the
>> internet in plaintext.
>
>You wouldn't be. People with a clue type ssh instead of telnet, and it
>behaves like it should. What you would be doing is hiding the fact that
>it is now sometimes secure from people who assume it is always insecure.
>Dunno, it might breed bad habits. Shrug.

yea, i see where you're going with it, and i might do it too, especially if i had some system where we used to be using telnet all the time (some sort of order entry or processing system) and i wanted to switch to ssh.

you could create a wrapper that determines (from some sort of table lookup) whether ssh should be used to connect to the system or telnet.

something like:

telnet <hostname>

and then have a nis or nis+ or file or some kind of table to lookup hostname and see whether it is ssh-able or not, and then invoke ssh or telnet as needed. you'd have to replace vanilla telnet with such a script.

though i have a feeling that that was what you were planning.

>
> Ryan
>
>

-- 

bb&thanks adam Do you know what a kibibit, mebibyte, or gibibyte is? go to http://physics.nist.gov/cuu/Units/binary.html to find out!
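
The wrapper idea from the message above, as an added example that is not part of the original post. The table format, the sample hosts, the `REAL_TELNET` path and the choice to default unlisted hosts to ssh are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumed table format: "<hostname> <ssh|telnet>" per line, '#' starts a comment.
# Constructed sample data; a real table could live in a file or a NIS map.
SAMPLE_TABLE='# host              client
orders.example.com   telnet
build.example.com    ssh
'
# Hypothetical path where the original telnet binary was moved, so that a
# wrapper installed under the name "telnet" does not call itself.
REAL_TELNET=${REAL_TELNET:-/usr/local/libexec/telnet.real}

# choose_client HOST [TABLE_TEXT]
# Prints "ssh" or "telnet"; returns 2 for a host name it refuses to pass on.
choose_client() {
    host=$1
    table=${2:-$SAMPLE_TABLE}
    # Refuse empty names, names starting with '-' (would be parsed as an
    # option by ssh/telnet) and anything outside the hostname character set.
    case $host in
        ''|-*|*[!A-Za-z0-9.-]*) return 2 ;;
    esac
    host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
    client=$(printf '%s\n' "$table" | awk -v h="$host" '
        $1 ~ /^#/ || NF < 2 { next }
        tolower($1) == h    { print tolower($2); exit }')
    # Only an explicit "telnet" entry selects plaintext; unlisted hosts and
    # unrecognised values fall back to ssh.
    if [ "$client" = telnet ]; then echo telnet; else echo ssh; fi
}

# connect HOST: run the chosen client, telling the user when it is plaintext.
connect() {
    client=$(choose_client "$1") || { echo "refusing host name: $1" >&2; return 2; }
    if [ "$client" = telnet ]; then
        echo "warning: $1 is telnet-only, this session is NOT encrypted" >&2
        "$REAL_TELNET" "$1"
    else
        ssh "$1"
    fi
}

# Show the decision for each constructed host without connecting anywhere.
for h in orders.example.com build.example.com new.example.com; do
    printf '%s -> %s\n' "$h" "$(choose_client "$h")"
done
```

Installed in place of telnet, the script would end with a call to `connect "$1"` instead of the demonstration loop.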


