Mailinglist Archive: opensuse-security (138 mails)

< Previous Next >
Re: [suse-security] Why Install Telnet by Default?
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Thu, 8 Dec 2005 08:23:28 +0100
  • Message-id: <20051208072328.GC5329@xxxxxxx>
On Thu, Dec 08, 2005 at 01:18:34AM -0500, WebDev wrote:
> I am not a security expert by any means, nor necessarily a "purist", when it
> comes to installing only the apps I need to run. I do install some apps that
> I want to tinker with, even though I may not use them regularly. However, I
> understand that we should avoid using telnet because it is "insecure". Yet,
> telnet is still installed by default on SUSE, when the secure alternatives
> seem to be more appropriate. I assume there is a reason for this.
>
> I ask, because I deselected telnet when I installed SUSE 10.0, and duringa
> repair process, my system reported that telnet was a core app. If we should
> avoid using it, shouldn't we avoid installing it to begin with?

The telnet protocol is unsafe, telnet the program is just another program
and can be used "safe" locally or for non-login purposes.

Ciao, Marcus

< Previous Next >
References