That is what I call a fast answer :-). Only 10 Minutes!
Thank you, Markus and Stefan. I will try the ssh-clients.
What I didn't know is that Cyqwin includes a XServer.
> -----Original Message-----
> From: Peer Stefan [SMTP:firstname.lastname@example.org]
> Sent: Wednesday, April 16, 2003 10:57 AM
> To: suse-security(a)suse.com
> Subject: RE: [suse-security] connection via telnet, XServer, ssh
> > From: Habichtsberg, R. [mailto:email@example.com]
> > Hi all,
> > how do you estimate the security risk of the following situation:
> > I log into a linux-server from a windows-client via telnet as
> > normal user.
> Why don't you use ssh? There are many nice windows ssh clients out there, putty for example.
> > From the linux-server I start a x-session
> > (command: konsole -display windows-client:0,0)
> > to a x-server (MIXServer 5.6) on the windows-client.
> > From this session I open a ssh-session to a second linux-server
> > where I have to work as root (su -).
> > Now, if I would scan the data between the windows PC and the
> > linux-servers
> > could I read them not coded, particularly could I read the
> > root password
> > in plaintext?
> Yes. The password is transmitted via X over the network, which isn't encrypted afaik.
> But that's relatively easy to check - just sniff the network and try finding the passwort (or any other phrase you have entered on the console, e.g. something like echo "Find me in the sniffer log."
> > TIA,
> > Reinhard
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help(a)suse.com
> Security-related bug reports go to security(a)suse.de, not here