Mailinglist Archive: opensuse-security (138 mails)

< Previous Next >
Re: [suse-security] Re: Why Install Telnet by Default?
  • From: John Summerfield <suse@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 09 Dec 2005 09:19:29 +0800
  • Message-id: <4398DBA1.4030303@xxxxxxxxxxxxxxxxxxxxxx>
Randall R Schulz wrote:
> John,
>
> On Thursday 08 December 2005 16:39, John Summerfield wrote:
>> ...
>>
>>>> I use ssh rather than telnet, rsh, rexec etc because it's more
>>>> convenient. Mostly, I control the wire or go through a vpn I
>>>> control.
>>> That depends, I guess, on how you define convenience. I know of
>>> nothing about configuring or using SSH-based services that is more
>>> convenient than using plain old (non-secure) telnet. (Even if
>>> SSH-based services are taken out of the picture entirely, I still
>>> have to type several passwords many times each day, so keyed access
>>> isn't going to make my life much more convenient.)
>> Using ssh, I can arrange for secure passwordless authentication.
>> That's a greate convenience I could never achieve with telnet, though
>> I did sort of fudge it with an expect script.
>
> I'm surprised so many very security-conscious people think that
> passwordless is such a good thing. Now you've made physical access to
> your computer all that is required to gain access to all the other
> hosts for which you've set up passwordless access. What's more, from
> the perspective of the administrators of those systems, it's you who
> has accessed their resources and you'll get the blame, at least
> initially, for any malicious actions.

Physical acces involves electronic security (locks and monitored
alarms), mechanical keylocks and having your photo taken while on the
job. Once you have physical access, passwords are moot.

Or detailed knowledge. Our data has little commercial value; if you want
a site to cause mahem to the internet, there are easier pickings. Half a
dozen unsecured wireless APs where I live for starters.



< Previous Next >
Follow Ups