[rhn-users] Root login with telnet
Hugo Simon
hugo.simon at gmx.de
Thu Jun 29 21:00:53 UTC 2006
> Let me get this straight. You actually trust your users? You are
> certain that they don't have the capability to install a sniffer? Are
> [...]
You are right, you cannot trust all of your users. But in the days of
switched networks, if you are in an office environment you cannot see your
neigbhors network traffic, because the switch simply does not send it to
your switch port. Therefore it is a switch, not a hub. You only see _your_
traffic and the broadcasts. And in these there is no passwords. So the only
people who maybe sniff your password is the network stuff who has access to
the switch itself or to the patch panels.
More risky is your PC itself. Maybe you have installed a trojan keylogger or
so, that would be bad, but that would be also bad if you use ssh.
So, I am the same opinion that these root login over telnet in an office
environment is paranoia. If you telnet over internet to you server that is
another story.
Am I right? If not please tell me why.
BTW. if you have to use HPUX servers you only can connect via telnet because
the ssh implementation of HPUX is extremly slow, a few minutes (!) until the
ssh connection is established. :-(
Bye
Thorsten
More information about the rhn-users
mailing list