Permit root login for telnet..

A.Fadyushin at it-centre.ru
Wed Aug 30 17:20:44 UTC 2006


Of course, if you are using unencrypted FTP as a user having read-only
privileges to information which does not need to be kept secret,
it will not do damage (except that massive downloading of
tarballs by somebody who sniffed the password may cause
network/server overload).
You generally cannot limit a user who logged in via telnet to be a
'read-only' user. Usually, such a user (especially with a sniffed root
password) will be able to do whatever he wants with the machine. However,
if you use telnet only to completely reinstall the system on
computers every day and use a new telnet password each day, it
will not be a great security problem. Also, you can stop the telnet
servers on the computers as the last step of the installation procedure
to prevent later use of a possibly sniffed password.

Alexey Fadyushin.
Brainbench MVP for Linux.
http://www.brainbench.com

> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Burke, Thomas G.
> Sent: Tuesday, August 29, 2006 7:28 PM
> To: General Red Hat Linux discussion list
> Subject: RE: Permit root login for telnet..
> 
> I have found instances where a program is written to send scripts back &
> forth through the terminal, but can't do the encryption itself.
> 
> For instance, if you were only using it to run a set-up script on a
> brand new computer, you'd do a minimal install (or use a boot disk), and
> then have a little program telnet in & choose appropriate packages for
> the machine based on certain characteristics.
> 
> I used to do this all the time in the DOS/Windows world - a machine got
> a custom load, depending on what it needed.  It logged in as a user that
> had only read privileges on the server, so if somebody did manage to
> sniff it (while I was alone in the labs), no damage could be done other
> than downloading tarballs.
> 
> I did this all in clear-text passwords over telnet & ftp.  Of course, I
> usually only did it late at night or early in the morning when no one
> was in the labs (and I had keys to the doors).
> 
> Doing this simplified life for me greatly.  After a while, we figured
> out how to do this every night, to ensure we wiped out virii & so forth
> that (l)users had gotten onto the machines & so forth - basically
> reformatting every drive every night and reinstalling the complete
> loadset.  We could reload 100 computers in the course of about 2 hours.
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of
> A.Fadyushin at it-centre.ru
> Sent: Tuesday, August 29, 2006 10:51 AM
> To: redhat-list at redhat.com
> Subject: RE: Permit root login for telnet..
> 
> Actually, the situation is slightly better because the user would need
> some privileges to run a sniffer (at least in Linux). So, if nobody
> could attach his own computer directly to the network where the
> passwords are (or potentially could be, for example due to routing
> changes) sent and all users with the appropriate privileges on already
> attached computers are trusted (for example, they already know the
> passwords of the users who will use telnet) there should be no problem
> as long as these conditions exist. However, most probably, these
> conditions would not be fulfilled in reality and the passwords sent via
> telnet would be compromised.
> It is much better to use SSH because it will send all information
> (including passwords) in encrypted form only. Every task which can be
> done with telnet can be done with SSH also.
> 
> Alexey Fadyushin
> Brainbench MVP for Linux.
> http://www.brainbench.com
> 
> > -----Original Message-----
> > From: redhat-list-bounces at redhat.com
> > [mailto:redhat-list-bounces at redhat.com] On Behalf Of Burke, Thomas G.
> > Sent: Friday, August 25, 2006 11:02 PM
> > To: General Red Hat Linux discussion list
> > Subject: RE: Permit root login for telnet..
> >
> > Shekhar,
> >
> > I don't remember how to turn on telnet.
> >
> > That said, *ANY* computer that can access the network this server is
> > on can be used to sniff a clear-text password sent through telnet.  I
> > understand that in your specific case, this may be OK, but are you
> > absolutely sure that *every* employee accessing one of these computers
> > can be trusted not to set up a sniffer?  And any future employees?
> > There is no point in having a server if no one's computer can access it.
> >
> > -----Original Message-----
> > From: redhat-list-bounces at redhat.com
> > [mailto:redhat-list-bounces at redhat.com] On Behalf Of Shekhar Dhotre
> > Sent: Friday, August 25, 2006 2:53 PM
> > To: General Red Hat Linux discussion list
> > Subject: RE: Permit root login for telnet..
> >
> > Bank of China - Shanghai .
> >
> > -----Original Message-----
> > From: redhat-list-bounces at redhat.com
> > [mailto:redhat-list-bounces at redhat.com] On Behalf Of Steve Rieger
> > Sent: Friday, August 25, 2006 1:15 PM
> > To: General Red Hat Linux discussion list
> > Cc: Bliss, Aaron
> > Subject: Re: Permit root login for telnet..
> >
> > i would like to know what bank you work for, am gonna make sure to close
> > any account i have there.
> >
> > sorry for the top post.
> >
> >
> > Shekhar Dhotre wrote:
> > > OK , no one has access to network room here than Coms guys . Even I
> > > cannot go in as I am in Unix/Storages group. Our comm. guys are not
> > > interested in checking our passwords.
> > >
> > > Also they have access to most of the prod switches, so they are trusted
> > > by the business. Again not a risk .
> > >
> > > -----Original Message-----
> > > From: Bliss, Aaron [mailto:ABliss at preferredcare.org]
> > > Sent: Friday, August 25, 2006 9:44 AM
> > > To: Shekhar Dhotre; General Red Hat Linux discussion list
> > > Subject: RE: Permit root login for telnet..
> > >
> > > Sure, just turn on ethereal, plug into the span port on the switch.
> > > Very straightforward; there are even software based packet sniffers
> > > that can sniff past switches.
> > >
> > > Aaron
> > >
> > > -----Original Message-----
> > > From: Shekhar Dhotre [mailto:sdhotre at Cedardoc.com]
> > > Sent: Friday, August 25, 2006 9:25 AM
> > > To: Bliss, Aaron; General Red Hat Linux discussion list
> > > Subject: RE: Permit root login for telnet..
> > >
> > > Again that's all good . But, can you tell me how to see password of
> > > other sysadmin if he is accessing system via telnet?
> > >
> > > -----Original Message-----
> > > From: Bliss, Aaron [mailto:ABliss at preferredcare.org]
> > > Sent: Friday, August 25, 2006 9:22 AM
> > > To: Bliss, Aaron; Shekhar Dhotre; General Red Hat Linux discussion list
> > > Subject: RE: Permit root login for telnet..
> > >
> > > Telnet is also vulnerable to man in the middle attacks and ssh offers
> > > post authentication; telnet does not.
> > >
> > > Aaron
> > >
> > > -----Original Message-----
> > > From: redhat-list-bounces at redhat.com
> > > [mailto:redhat-list-bounces at redhat.com] On Behalf Of Bliss, Aaron
> > > Sent: Friday, August 25, 2006 9:13 AM
> > > To: Shekhar Dhotre; General Red Hat Linux discussion list
> > > Subject: RE: Permit root login for telnet..
> > >
> > > Telnet is a clear text protocol; ssh isn't.
> > >
> > > -----Original Message-----
> > > From: redhat-list-bounces at redhat.com
> > > [mailto:redhat-list-bounces at redhat.com] On Behalf Of Shekhar Dhotre
> > > Sent: Friday, August 25, 2006 9:11 AM
> > > To: General Red Hat Linux discussion list
> > > Subject: RE: Permit root login for telnet..
> > >
> > > I have used telnet before ssh came in to the market . Do you know how to
> > > hack telnet ? or break a root password without having physical access to
> > > the system ? most likely the answer will be - NO .. so what's the big
> > > deal in ssh vs. telnet ?
> > >
> > > -----Original Message-----
> > > From: redhat-list-bounces at redhat.com
> > > [mailto:redhat-list-bounces at redhat.com] On Behalf Of Greg Golin
> > > Sent: Friday, August 25, 2006 2:12 AM
> > > To: General Red Hat Linux discussion list
> > > Subject: Re: Permit root login for telnet..
> > >
> > > Dear Arun,
> > >
> > > You do NOT want to enable root login via telnet - trust me on this
> > > one. Please tell the list what you are trying to accomplish - 99.9%
> > > chance is that whatever you are trying to do can, and should be done
> > > via ssh.
> > >
> > > Kind Regards,
> > > Gregory Golin
> > > Systems Admin
> > >
> > > On 8/24/06, Arun Williams <perks_williams at yahoo.co.in> wrote:
> > >
> > >> How can i enable root login for telnet....
> > >>
> > >>   I tried editing /etc/pam.d/login .... but no use
> > >>
> > >>
> > >> ____________________________
> > >> Regards
> > >> A.Williams
> > >> IN THIS WORLD FULL OF DREAMS AND IMAGINATION, LOOK FOR POSSIBILITIES...
> > >
> > >> --
> > >> redhat-list mailing list
> > >> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > >> https://www.redhat.com/mailman/listinfo/redhat-list
> > >>
> > >>
> > >
> > >
> >
> >
> > --
> > --
> > eats the blues for breakfast,
> > does unix for rent,
> > plays harp for food,
> > will play the flute for kicks
> > rides for the freedom
> > scrapes for the challenge
> >




More information about the redhat-list mailing list
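
A defender's check for the two settings this thread turns on, as an added example that is not part of the original messages: whether xinetd still serves telnet (for instance after an install procedure that was supposed to stop it as its last step), and whether root is permitted on pseudo-terminals. The file locations (`/etc/xinetd.d/telnet`, `/etc/securetty`) and the sample file contents are assumptions, constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit for the exposure discussed in this thread.
# Assumed paths (typical Red Hat layout): /etc/xinetd.d/telnet, /etc/securetty.

# Succeeds if the xinetd service file leaves the service enabled.
# xinetd serves a service unless its block says "disable = yes".
telnet_enabled() {
    [ -r "$1" ] || return 1     # no readable service file: nothing to flag
    local val
    val=$(sed 's/#.*//' "$1" | awk -F= '
        $1 ~ /^[ \t]*disable[ \t]*$/ { gsub(/[ \t]/, "", $2); v = tolower($2) }
        END { print v }')
    [ "$val" != "yes" ]
}

# Prints securetty entries that name pseudo-terminals (pts/N), the kind of
# tty a telnet session is attached to; fails if there are none.
root_pts_entries() {
    [ -r "$1" ] || return 1
    grep -E '^pts/[0-9]+[[:space:]]*$' "$1"
}

# Prints one line per finding; exit status 0 = clean, 1 = findings.
audit_telnet_root() {
    local status=0
    if telnet_enabled "$1"; then
        echo "FINDING: telnet enabled in $1 (passwords cross the network in clear text)"
        status=1
    fi
    if root_pts_entries "$2" >/dev/null; then
        echo "FINDING: $2 lists pts entries (root permitted on pseudo-terminals)"
        status=1
    fi
    return $status
}

# Constructed sample files, so the example runs offline.
demo_dir=$(mktemp -d)
printf 'service telnet\n{\n\tsocket_type = stream\n\tserver = /usr/sbin/in.telnetd\n\tdisable = no\n}\n' > "$demo_dir/telnet.on"
sed 's/disable = no/disable = yes/' "$demo_dir/telnet.on" > "$demo_dir/telnet.off"
printf 'console\ntty1\npts/0\npts/1\n' > "$demo_dir/securetty.weak"
printf 'console\ntty1\n' > "$demo_dir/securetty.ok"

audit_telnet_root "$demo_dir/telnet.on" "$demo_dir/securetty.weak" || true
audit_telnet_root "$demo_dir/telnet.off" "$demo_dir/securetty.ok" && echo "clean"
```

On a real host, call `audit_telnet_root /etc/xinetd.d/telnet /etc/securetty` and treat a non-zero exit status as a failed check.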