Seeing as any user that's telnetted in as a regular users can usually
substitute user for root, and anyone on the internet can view they
keystrokes they're using to type the root password, either way is as
completely insecure as another. I don't even want anyone being able to
Telnet is as a regular user - if the unprivilieged user has a shell, they
can use another exploit to gain root...
Don't install Telnet-server. Just don't. I don't mean to be rude, but
Telnet is a flaming pile of poo, and installing it is a really poor move.
Mike
------------------------------------------
Mike MacCana Support Consultant
C Y B E R S O U R C E
Level 9, 140 Queen St Melbourne 3000
Ph : +61 3 9642 5997 Fax: +61 3 9642 5998
On Thu, 4 Jan 2001, Tony Blackmon wrote:
> The feature you are referring to as twisty is not twisty at all. It is very
> important that you not be able to telnet in as root. The only way to make
> things absolutely tight on unix machines is to disallow telnet sessions for
> accounts that are system standard on *nix systems.
>
> As for being able to telnet in with mandrake, depending on what security
> option and the purpose of the machine you chose during installation, you may
> not be running a telnet daemon. Some of the install options dont even
> install telnetd.
>
> The simplest fix is the install the package telnet-server from your mandrake
> cd. I would recommend not doing that at all and suggest that you go with a
> package such as ssh. You can do everything that you can with the regular
> telnet daemon, but it all runs through the ssh security specs and makes
> things nice and tight. there are even web based java ssh telnet clients that
> you can use for free installed on your apache server on the machine you want
> to telnet too. like mine, at home i can go to
> http://machinename.domain.suffix/ssh and i get prompted for a login from any
> java capable browser. thats really slick because you dont have to install an
> ssh telnet client on the machine you are telnetting from.
>
> having an open telnet port just attracts undesired attention :)
>
> --fluid
>
> -----Original Message-----
> From: duane voth [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 03, 2001 3:19 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [expert] Why doesn't work the telnet with Mdk 7.2 after
> install?
>
>
> Alexander Skwar wrote:
>
> > So sprach [EMAIL PROTECTED] am Wed, Jan 03, 2001 at 12:07:57PM +0100:
> >
> >> I've just installed Mdk 7.2 and the telnet doesn't work. A friend
> explained
> >> me to check that the telnet service is enable in /etc/xinetd/telnet but
> >> this file doesn't exist.
> >
> >
> > telnet-server is installed?
> >
> > Alexander Skwar
>
>
> Also, you woudn't be trying to telnet in as root would you?
> Some twisty security feature (that I *still* have yet to discover)
> disables root telnet.
>
> duane
>
>
>
