[ltp] telnet

[Les Bell]

Don Marti wrote:

>> Your system is functioning correctly.  Telnet is now generally
considered insecure and irresponsible.

The secure replacement for telnet is OpenSSH <<

"Considered insecure" by whom? While it is true that telnet passes login
passwords over a network in the clear, and that on the public Internet that
*might* be considered an unacceptable risk, its use on a small private
network might be quite acceptable.

You might be interested in this excerpt from the latest RISKS-Digest:

--------------------------------------------------------

Date: Mon, 20 Dec 1999 00:34:14 -0700
From: "Schlake ( William Colburn )" <schlake@nmt.edu>
Subject: SSH: an ineffectual "feel-good" security measure

[snip]

I think many people believe that ssh protects them from wrong-doers, and
that nothing bad can happen to them if they use ssh.  The authors of the
Internet Auditing Project(1) have a good story to tell about ssh, as do the
people who run the web site for rootshell.org(2).  Some sys-admins here at
work are rabid about ssh.  They have disabled telnet and rlogin for
"security" reasons, and naively believe that ssh is somehow more secure.

--------------------------------------------------------

You can find the full message in the RISKS Archives at
http://catless.ncl.ac.uk/Risks/VL.IS.html.

While I don't necessarily agree with everything the author has to say, I
would suggest that blanket condemnation of widely-accepted and useful
protocols as "insecure and irresponsible", coupled with recommendation of a
single protocol as a panacea for all ills, is no substitute for an
understanding of the risks and thoughtful selection of an appropriate
protocol. In short, telnet has its place.

Best,

--- Les [http://www.lesbell.com.au]


----- The Linux ThinkPad mailing list -----
The linux-thinkpad mailing list home page is at:
http://www.bm-soft.com/~bm/tp_mailing.html