Mailinglist Archive: opensuse-security (138 mails)

Re: [suse-security] Re: Why Install Telnet by Default?
  • From: Randall R Schulz <rschulz@xxxxxxxxx>
  • Date: Thu, 8 Dec 2005 09:24:44 -0800
  • Message-id: <200512080924.44802.rschulz@xxxxxxxxx>

John,

On Thursday 08 December 2005 09:02, John Summerfield wrote:
> Randall R Schulz wrote:
> > Allen,
> >
> > On Thursday 08 December 2005 08:37, Allen wrote:
> >> Telnet is only insecure because it sends usernames and passwords
> >> in the clear and that's a bad idea over the internet because it
> >> can be snooped. However, on a LAN where you want to tinker, this
> >> is fine.
> >
> > It's also not secure in that it sends _all_ the data, inbound and
> > outbound, unencrypted.
>
> Just like postfix, sendmail, exim, qmail, zmailer and every other
> MTA.

So? My point is no less valid because it applies elsewhere, too.


> More people send more confidential data by unencrypted email than
> they do by telnet, and I don't recall anyone saying "don't use
> email."

More people are fools than wise, yes?


> Yeah, sometimes someone mentions it's insecure, usually they don't say
> why, but as soon as someone mentions telnet, they say, "Ooh, don't do
> that, it's insecure."
>
> It's the telnet _protocol_ that lacks security features: don't blame
> the servers and clients for doing what the telnet STDs say they must.

I didn't think there was any blame going on here.

And if you're going to take that approach, then you must acknowledge
that there are secure email transfer formats that are widely
implemented.


> I use ssh rather than telnet, rsh, rexec etc because it's more
> convenient. Mostly, I control the wire or go through a vpn I control.

That depends, I guess, on how you define convenience. I know of nothing
about configuring or using SSH-based services that is more convenient
than using plain old (non-secure) telnet. (Even if SSH-based services
are taken out of the picture entirely, I still have to type several
passwords many times each day, so keyed access isn't going to make my
life much more convenient.)


Randall Schulz