Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: 'we should all be uncomfortable with the extent to which luck..'

  • From: John Fraizer
  • Date: Wed Jul 25 15:02:03 2001

On Wed, 25 Jul 2001, David Shaw wrote:

> 
> On Tue, Jul 24, 2001 at 11:42:21PM -0700, Roeland Meyer wrote:
> 
> > > Systems Affected
> > > 
> > >    Systems running versions of telnetd derived from BSD source.
> > 
> > How many of us here run anything less than SSH and even allow telnetd to
> > live on any of our hosts?
> 
> telnetd is not inherently bad.  It is a tool that is lacking the
> session encryption and strong authentication features of SSH, but is
> still useful in some cases.  Like any tool it can be used poorly, but
> that is not the fault of the tool.
> 
> For example, when traveling, I can log in securely from any random
> Internet cafe using OPIE or S/Key one-time passwords via telnet.  SSH
> requires that you trust your local machine, and OPIE assumes that you
> don't.
> 
> David
> 
> -- 
>    David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
> +---------------------------------------------------------------------------+
>    "There are two major products that come out of Berkeley: LSD and UNIX.
>       We don't believe this to be a coincidence." - Jeremy S. Anderson
> 


You may not expose your password to get into your network, but you do
expose everything else that happens on the connection, including the
passwords to devices that do not use/support OPIE or S/Key
authentication.  You can run an SSH client in a Java applet in nearly any
browser.  If some devices on your network don't support ssh, ssh into
something that does and from there, telnet to the devices that don't.


---
John Fraizer
EnterZone, Inc





