Regarding root access to telnet
Ed Wilts
ewilts at ewilts.org
Wed Feb 22 20:35:45 UTC 2006
On Wed, Feb 22, 2006 at 10:21:42AM -0800, Tobias Speckbacher wrote:
> However, it is not that telnet as a service is inherently insecure,
> however, the protocol is. (software vs. network, I am sure someone is
> going to take this out of context)
>
> The main concern regarding telnet is the transmission of data in clear
> text. This means anyone in between you and the server can
> intercept/alter session data, making it trivial to sniff passwords or
> perform other malicious activities with your session.
The distiction is actually quite important. If I wanted to open up root
telnet access on my home network, there would be no security
vulnerability doing so - the only people with physical access to the
network are my wife and I, so sniffing just isn't going to happen. I
think I'd notice if a stranger walked into my spare room and plugged in
to my switch :-)
> As it is using anything less than ssh in my opinion is a severe
> violation/disregard of best practices.
Sometimes there are business reasons for using telnet (sigh...) but yes,
ssh is a best practise. Even at home, I use ssh between my internal
systems. On a couple of key systems at work, I even threw out openssh
in favor of the Tectia SSH server because of security reasons.
.../Ed
--
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts at ewilts.org
Member #1, Red Hat Community Ambassador Program
More information about the redhat-list
mailing list