Kermit is good, Telnet and FTP are not bad was Re: network sniffing question
From: Jeffrey Altman (jaltman_at_columbia.edu)
Date: 05/02/03
- Previous message: Kasper Dupont: "Re: run_in_jail.c"
- Next in thread: Frank da Cruz: "Re: Kermit is good, Telnet and FTP are not bad was Re: network sniffing question"
- Reply: Frank da Cruz: "Re: Kermit is good, Telnet and FTP are not bad was Re: network sniffing question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 2 May 2003 09:05:26 -0700
Nico Kadel-Garcia <nkadel@verizon.net> wrote in message news:<3EADD008.8010406@verizon.net>...
> Pat wrote:
> > thanks for your answers guys.
> >
> > well actually I've been always using SSH myself and all my servers use ssh.
> >
> > the problem I'm having is to convice the "senior sysadmin" that loging into
> > the system as root using telnet is a bad idea. I've even showed him that
> > it's a mistake by using tcpdump and getting the root password but he's
> > conviced that we have no use for ssh.
> >
> > I'm just trying to convice this guy that kermit and korn shell and telnet
> > are old stuff!!
> >
> > thanks again!
> >
>
> Publish his passwords on alt.2600?
>
> Korn shell and kermit are both excellent tools, still in use all over
> the place. Telnet is still useful as a *client* to probe raw TCP ports,
> but as a server it's needed only for clients too limited by their
> hardware to do something correctly.
Thank you for your support of Kermit.
Kermit (C-Kermit and Kermit 95) support both the TELNET START_TLS
option as
well as the TELNET AUTH KRB5 and TELNET AUTH SRP options which provide
for
secure connectivity to your Telnet server. X.509 certificates, SRP,
or KRB5 tickets may be used to authenticate the client to the server
without ever sending a password. Credential forwarding as well as
X-Windows forwarding are also supported. (TELNET FWDX option)
C-Kermit is now bundled with Red Hat 9 and other Linux vendors are
beginning to see the light.
Kermit 95 also has builtin support for SSHv1/SSHv2 with GSSAPI and SRP
authentication. There is no need for C-Kermit to support this since
OpenSSH is available for most platforms.
I agree that Telnet servers which do not support TELNET START_TLS
should be turned off. However, the TELNET protocol is not insecure.
At least it is no less insecure than HTTPS connections to Apache
protected by OpenSSL.
Kermit is also a secure FTP client. By that I do not mean the SSH
SFTP protocol but FTP AUTH TLS and FTP AUTH GSSAPI and FTP AUTH SRP.
It really is a shame that so many people on this Internet are trained
to believe that if something has survived for 25 years it cannot be
good.
- Jeffrey Altman
Former Lead Developer for the Kermit Project
- Previous message: Kasper Dupont: "Re: run_in_jail.c"
- Next in thread: Frank da Cruz: "Re: Kermit is good, Telnet and FTP are not bad was Re: network sniffing question"
- Reply: Frank da Cruz: "Re: Kermit is good, Telnet and FTP are not bad was Re: network sniffing question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
