TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TCLUG:20646] Root login



^chewie said:
> Telnetd isn't bad, really.  As long as you provide the SSL layer to
> it. ;-) Purge the standard, unencrypted telnetd with the much better
> telnetd-ssl ;-).  SSH is nice, but it isn't the ONLY answer.

Except, IIRC, telnet-ssl falls back to standard telnet if the other end isn't
using SSL.  If you're running the telnet-ssl client, you get a nice little
warning that encryption isn't available and you can decide whether to
continue and all is good in the world.  However, if the telnet-ssl server
falls back to plaintext, it's just as bad as running (that connection over) a
non-SSL-enabled telnetd - passwords for accounts on your system are still
made available to anyone with a packet sniffer.

-- 
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton
Geek Code 3.1:  GCS d- s+: a- C++ UL++$ P+>+++ L+++>++++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r++ y+