Randall R Schulz wrote:
John,
On Thursday 08 December 2005 09:02, John Summerfield wrote:
Randall R Schulz wrote:
Allen,
On Thursday 08 December 2005 08:37, Allen wrote:
Telnet is only insecure because it sends usernames and passwords in the clear and that's a bad idea over the internet because it can be snooped. However, on a LAN where you want to tinker, this is fine. It's also not secure in that it sends _all_ the data, inbound and outbound, unencrypted. Just like postfix, sendmail, exim, qmail, zmailer and every other MTA.
So? My point is no less valid because it applies elsewhere, too.
telnet's the least of the hazards (in terms of its use), the greatest (in terms of the warnings).
More people send more confidential data by unencrypted email than they do by telnet, and I don't recall anyone saying "don't use email."
More people are fools than wise, yes?
Yeah, sometimes someone mentions it's insecure, usually they don't say why, but as soon as someone mentions telnet, they say, "Ooh, don't do that, it's insecure."
It's the telnet _protocol_ that lacks security features: don't blame the servers and clients for doing what the telnet STDs say they must.
I didn't think there was any blame going on here.
I don't know about that, some were saying "telnet" by which one usually means the telnet client program, some said "telnetd" referring to the server (and so accepting "telnet" refers to the client).
And if you're going to take that approach, then you must acknowledge that there are secure email transfer formats that are widely implemented.
I use ssh rather than telnet, rsh, rexec etc because it's more convenient. Mostly, I control the wire or go through a vpn I control.
That depends, I guess, on how you define convenience. I know of nothing about configuring or using SSH-based services that is more convenient than using plain old (non-secure) telnet. (Even if SSH-based services are taken out of the picture entirely, I still have to type several passwords many times each day, so keyed access isn't going to make my life much more convenient.)
Using ssh, I can arrange for secure passwordless authentication. That's a great convenience I could never achieve with telnet, though I did sort of fudge it with an expect script.
ssh can forward X sessions so I can run kpat on a remote computer, with the display on mine. That's a great convenience I could manage with rsh only by allowing all X connexions to all computers I'd want to run kpat on. Doubtless you'd see security problems with that.
More seriously than kpat, I generally do software updates in a remote xterm displaying locally. It's a great convenience that I don't have to fiddle with rhosts and use xhost for every combination of system I might want to maintain and computer from which I want to do it and that changes in IP address and/or host name at either end don't matter.
It's often useful that ssh can forward ports, so I can use a port number on my system (a laptop right now) to access a service on any LAN where I can connect. This is a great convenience when
1. I need to reconfigure an http-based router, printer etc on a LAN that I can reach, where the device doesn't know where _I_ am.
2. I need to connect to an IPP printer on the office LAN from home: I can forward a port from my home desktop to my office desktop and have at it.
3. Ditto, connecting to a work database.
The convenience of passwordless authenticated login extends to other facilities such as scp, rsync, tar (should I want to backup to a remote tape drive) and plain ordinary file copying, whether using tar, dd or something else, over a pipe.
The fact that these connexions are encrypted is nice, of course, and I might even put up with some inconvenience sometimes to obtain those benefits, but I don't have to make the choice, in my ordinary use they are completely unimportant.
It's when using security is more convenient than not using it that most people will use security.
I'm sure that, even in these times, if you surveyed homes or cars in your local suburb, you'd find a few unlocked (even when unattended), because locking them is inconvenient.