accessing my linux box via telnet
Tim Chase
blinux.list at thechases.com
Thu May 3 15:35:05 UTC 2007
>> Another alternative is to use a one-time password (OTP)
>
> true, but if you then would use s - to get a root-shell the
> root-password would still go cleartext over the net and
> connection hijacking is a serious possibility (even so
> man-in-the-middle attacks)

The moral of that story is that if you use OTP, it's only for
authentication, not for encryption.  Thus, don't do anything
confidential over the line.  That includes typing passwords,
reading confidential email, berating your boss, making
death-threats, etc.

Connection hijacking/MITM injection attacks are also a
possibility and a far more serious matter if on the wild
internet.  One might want to create a remote-access user in a
chroot jail that you can use, only providing the utilities that
you'd need/want remotely and that don't access confidential
information.  This does cut down on the usefulness of the whole
matter, but if you just want to remotely access a small selection
of files, OTP+chroot might be a good way to safely access them
even over a telnet connection.

-tim
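
The point above about OTP covering authentication only, as an added example that is not part of the original message: a Lamport-style hash-chain OTP (the scheme is an assumption; the thread does not name one) in which a captured login code cannot be replayed, yet everything typed afterwards still crosses the link in cleartext. The passphrase, password and all names in the code are constructed for illustration.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(secret: bytes, n: int) -> bytes:
    """Return h applied n times to secret (the n-th link of the hash chain)."""
    out = secret
    for _ in range(n):
        out = h(out)
    return out


class OtpServer:
    """Hypothetical verifier: stores only the last accepted link, never the secret."""

    def __init__(self, anchor: bytes, count: int):
        self.stored = anchor      # h^count(secret)
        self.count = count

    def challenge(self) -> int:
        return self.count - 1     # index of the link the user must present next

    def login(self, otp: bytes) -> bool:
        # Refuse at count <= 1: the next link would be the secret itself.
        if self.count <= 1 or not hmac.compare_digest(h(otp), self.stored):
            return False
        self.stored, self.count = otp, self.count - 1   # each code works once
        return True


def demo():
    secret = b"constructed passphrase"            # constructed sample value
    server = OtpServer(chain(secret, 100), 100)
    wire = []                                     # what a passive observer of the telnet link sees

    otp = chain(secret, server.challenge())
    wire.append(otp)                              # the OTP itself is sent in the clear
    first_login = server.login(otp)

    typed = b"constructed-root-password\n"        # constructed; typed after login
    wire.append(typed)                            # no encryption: captured verbatim

    replay = server.login(wire[0])                # captured OTP is already spent
    next_login = server.login(chain(secret, server.challenge()))
    return first_login, replay, next_login, typed in wire


if __name__ == "__main__":
    print(demo())
```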