telnet

Rick Stevens rstevens at vitalstream.com
Wed Mar 9 00:14:27 UTC 2005


inode0 wrote:
> On Tue, 08 Mar 2005 10:08:27 -0800, Rick Stevens
> <rstevens at vitalstream.com> wrote:
> 
>>Rick Stevens wrote:
>>
>>I forgot to mention that, unless you have absolutely no choice, you
>>should NEVER, EVER use telnet.  Since telnet transmits everything in
>>cleartext (INCLUDING your passwords), you should never use it unless you
>>can absolutely guarantee the security of your network--and even then you
>>should be very, very concerned that someone is snooping your network--
>>especially if there is a wireless link in it somewhere.
> 
> 
> Good advice in general but encrypted telnet is available on RHEL and
> FC distributions if you are in an environment supporting it.

Encrypted telnet is fairly rare.  If you have it, you undoubtedly can
have ssh, and I still vote for ssh.

>>We all recommend you use ssh (secure shell), which encrypts everything
>>(passwords, text, everything) using one of several different ciphers
>>(typically blowfish, CAST128, 3DES or Arcfour) and guarantees integrity
>>of the connection using hmac-md5 or hmac-sha1.
> 
> 
> Agreed when you have the choice. I know of one largish environment
> with between 30 and 40 thousand users where both ssh and unencrypted
> telnet are unavailable in places. Encrypted telnet is your only
> choice. I very much appreciate that Red Hat provides support for this.

Any environment that permits unencrypted telnet is dangerous if the
network isn't secure.  Again, if you have etelnet, you sure as heck can
have ssh.  And I can't recall if etelnet encrypts the initial logon
sequence if you don't have "-a valid" or "-a user" enabled.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-     Veni, Vidi, VISA:  I came, I saw, I did a little shopping.     -
----------------------------------------------------------------------
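Added example, not part of the original message: a Python check that reads xinetd service stanzas and reports each `telnet` service, whether it is enabled, and whether its `server_args` carry one of the `-a valid` / `-a user` options mentioned above. It assumes the telnet daemons are launched from xinetd service files (such as those under `/etc/xinetd.d/`); the sample stanzas, paths and function names are constructed for illustration.

```python
import re

# Constructed xinetd stanzas for illustration; not taken from the thread.
SAMPLE = """\
service telnet
{
    server      = /usr/sbin/in.telnetd
    disable     = no
}
service telnet
{
    server      = /opt/example/telnetd
    server_args = -a valid
}
service telnet
{
    disable     = yes
}
"""

STANZA = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR = re.compile(r"^[ \t]*(\w+)[ \t]*[-+]?=[ \t]*(.*?)[ \t]*$", re.M)

def parse_xinetd(text):
    """Return [(service_name, {attribute: value})] for each stanza."""
    # xinetd comments are whole lines whose first non-blank character is '#'.
    text = re.sub(r"^[ \t]*#.*$", "", text, flags=re.M)
    return [(m.group(1), dict(ATTR.findall(m.group(2))))
            for m in STANZA.finditer(text)]

def audit_telnet(text):
    """Report every telnet stanza: server, enabled state, and -a option."""
    out = []
    for name, attrs in parse_xinetd(text):
        if name != "telnet":
            continue
        # A stanza counts as enabled unless it says "disable = yes"; the
        # global "defaults" section is not evaluated in this example.
        enabled = attrs.get("disable", "no").lower() != "yes"
        # Only records whether an option named in the message is present.
        m = re.search(r"-a\s+(valid|user)\b", attrs.get("server_args", ""))
        out.append({"server": attrs.get("server"), "enabled": enabled,
                    "auth": "-a " + m.group(1) if m else None})
    return out

if __name__ == "__main__":
    for finding in audit_telnet(SAMPLE):
        print(finding)
```

Any stanza reported with `enabled: True` is a telnet listener to review against the advice in the message; the `auth` field only shows which option is set, not what it protects.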




More information about the Redhat-install-list mailing list