
Re: telnet



inode0 wrote:
On Tue, 08 Mar 2005 10:08:27 -0800, Rick Stevens
<rstevens vitalstream com> wrote:

Rick Stevens wrote:

I forgot to mention that, unless you have absolutely no choice, you
should NEVER, EVER use telnet.  Since telnet transmits everything in
cleartext (INCLUDING your passwords), you should never use it unless you
can absolutely guarantee the security of your network--and even then you
should be very, very concerned that someone is snooping your network--
especially if there is a wireless link in it somewhere.


Good advice in general but encrypted telnet is available on RHEL and
FC distributions if you are in an environment supporting it.

Encrypted telnet is fairly rare. If you have it, you undoubtedly can have ssh, and I still vote for ssh.

We all recommend you use ssh (secure shell), which encrypts everything
(passwords, text, everything) using one of several different ciphers
(typically blowfish, CAST128, 3DES or Arcfour) and guarantees integrity
of the connection using hmac-md5 or hmac-sha1.


Agreed when you have the choice. I know of one largish environment
with between 30 and 40 thousand users where both ssh and unencrypted
telnet are unavailable in places. Encrypted telnet is your only
choice. I very much appreciate that Red Hat provides support for this.

Any environment that permits unencrypted telnet is dangerous if the network isn't secure. Again, if you have etelnet, you sure as heck can have ssh. And I can't recall if etelnet encrypts the initial logon sequence if you don't have "-a valid" or "-a user" enabled.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens vitalstream com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-      Veni, Vidi, VISA:  I came, I saw, I did a little shopping.    -
----------------------------------------------------------------------

