Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
Note that one of the major reasons telnet is not (istalled/enabled) in a default install (ie you didn't select the telnet-server package) is that is a totally insecure protocol. You should rather be setting up ssh (even on a closed network - just so that you get used to using ssh) than opening yourself to password-sniffing. Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za
[expert] Why doesn't work the telnet with Mdk 7.2 after install?
Thank you for your usefull help. The Telnet-server wasn't installed indeed and now it works. Pierre Hello, I've just installed Mdk 7.2 and the telnet doesn't work. A friend explained me to check that the telnet service is enable in /etc/xinetd/telnet but this file doesn't exist. Someone could explain me what I've to do to active this service after the installation? And Happy New year! Pierre ** This message may contain confidential information and is intended solely for the use of the addressee. If you are not the intended recipient of this message, please notify the sender immediately and do not disclose, use, disseminate or copy this message. The information contained in this message is subject to Systemat's General Terms and Conditions. Any personal opinion expressed in this message reflects the opinion of the sender and not Systemat's opinion. **
RE: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
I must agree with you there. MDK 7.2 comes with openssh-server, or sshd. Basically, you can use a program such as teraterm with it's ttssh extension to ssh into your machine. It's more secure, though nothing is totally secure. It's also got a bunch of interesting features that all run on through the secure shell, and will allow you to do whatever it is you're doing with telnet as well. Besides, Teraterm is free for non commercial use I believe. Thanks > Seeing as any user that's telnetted in as a regular users can usually > substitute user for root, and anyone on the internet can view they > keystrokes they're using to type the root password, either way is as > completely insecure as another. I don't even want anyone being able to > Telnet is as a regular user - if the unprivilieged user has a shell, they > can use another exploit to gain root... > > Don't install Telnet-server. Just don't. I don't mean to be rude, but > Telnet is a flaming pile of poo, and installing it is a really poor move. > > Mike > > -- > Mike MacCana Support Consultant > C Y B E R S O U R C E >Level 9, 140 Queen St Melbourne 3000 > Ph : +61 3 9642 5997 Fax: +61 3 9642 5998 > > On Thu, 4 Jan 2001, Tony Blackmon wrote: > > > The feature you are referring to as twisty is not twisty at all. It is very > > important that you not be able to telnet in as root. The only way to make > > things absolutely tight on unix machines is to disallow telnet sessions for > > accounts that are system standard on *nix systems. > > > > As for being able to telnet in with mandrake, depending on what security > > option and the purpose of the machine you chose during installation, you may > > not be running a telnet daemon. Some of the install options dont even > > install telnetd. > > > > The simplest fix is the install the package telnet-server from your mandrake > > cd. I would recommend not doing that at all and suggest that you go with a > > package such as ssh. You can do everything that you can with the regular > > telnet daemon, but it all runs through the ssh security specs and makes > > things nice and tight. there are even web based java ssh telnet clients that > > you can use for free installed on your apache server on the machine you want > > to telnet too. like mine, at home i can go to > > http://machinename.domain.suffix/ssh and i get prompted for a login from any > > java capable browser. thats really slick because you dont have to install an > > ssh telnet client on the machine you are telnetting from. > > > > having an open telnet port just attracts undesired attention :) > > > > --fluid > > > > -Original Message- > > From: duane voth [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, January 03, 2001 3:19 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [expert] Why doesn't work the telnet with Mdk 7.2 after > > install? > > > > > > Alexander Skwar wrote: > > > > > So sprach [EMAIL PROTECTED] am Wed, Jan 03, 2001 at 12:07:57PM +0100: > > > > > >> I've just installed Mdk 7.2 and the telnet doesn't work. A friend > > explained > > >> me to check that the telnet service is enable in /etc/xinetd/telnet but > > >> this file doesn't exist. > > > > > > > > > telnet-server is installed? > > > > > > Alexander Skwar > > > > > > Also, you woudn't be trying to telnet in as root would you? > > Some twisty security feature (that I *still* have yet to discover) > > disables root telnet. > > > > duane > > > > > > > There's plenty of semicolons to go around
Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
Off topic,
Actually, if you wanted any real security, I'd get rid of sudo, install
the Linux trustrees project, and get an actual Linux permission system
that doesn't suck.
Linux needs ACLs. Badly.
Mike
--
Mike MacCanaSupport Consultant
C Y B E R S O U R C E
Level 9, 140 Queen St Melbourne 3000
Ph : +61 3 9642 5997 Fax: +61 3 9642 5998
On Thu, 4 Jan 2001, Bug Hunter wrote:
>
>
> The best thing to do for security is to make su only executable by root.
> Then get the "sudo" package and install it, giving only a few users the
> ability to run "sudo su" and thus change to root.
>
> This makes the telnet server more acceptable, and limits your exposure.
>
> Also, with inetd/xinetd, telnetd can be limited to serving people only
> on specific networks by changing hosts.deny, hosts.allow ("man
> hosts.allow") in the /etc directory.
>
>
> the basic rule for hosts.deny that all systems should follow is
>
> ALL: ALL
>
> this denys everyone access to all services. In hosts.allow, assuming
> your local network is 192.168.1.x, you could put
>
> ALL: 192.168.1.
>
>
> This overrides hosts.deny and allows all servers that use inetd to
> service anyone coming in over the 192.168.1.x network.
>
> bug
>
> On Fri, 5 Jan 2001, Bill Kenworthy wrote:
>
> > Never been able to figure out the logic for that! Invariably the first
> > thing one does when telnetting into a box to do some work as root is to
> > su - whats the difference? The password still goes in clear etc - just
> > seems anoying. Can see the sense in not installing telnetd in some
> > cases, but telnet is a standard unix service - one only has to look at
> > the number of queries to the list over the problems this causes, and the
> > fact that the first thing that person does is install the package, one
> > has to question whether this approach is worthwhile - in my opinion
> > would be better to install, but leave disabled, or perhaps make it an
> > install question that comes up with the package list "Do you want telnet
> > services - Warning ...".
> >
> > BillK
> >
> >
> > > The feature you are referring to as twisty is not twisty at all. It is very
> > > important that you not be able to telnet in as root. The only way to make
> > > things absolutely tight on unix machines is to disallow telnet sessions for
> > > accounts that are system standard on *nix systems.
> > >
> >
>
>
>
RE: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
Seeing as any user that's telnetted in as a regular users can usually substitute user for root, and anyone on the internet can view they keystrokes they're using to type the root password, either way is as completely insecure as another. I don't even want anyone being able to Telnet is as a regular user - if the unprivilieged user has a shell, they can use another exploit to gain root... Don't install Telnet-server. Just don't. I don't mean to be rude, but Telnet is a flaming pile of poo, and installing it is a really poor move. Mike -- Mike MacCanaSupport Consultant C Y B E R S O U R C E Level 9, 140 Queen St Melbourne 3000 Ph : +61 3 9642 5997 Fax: +61 3 9642 5998 On Thu, 4 Jan 2001, Tony Blackmon wrote: > The feature you are referring to as twisty is not twisty at all. It is very > important that you not be able to telnet in as root. The only way to make > things absolutely tight on unix machines is to disallow telnet sessions for > accounts that are system standard on *nix systems. > > As for being able to telnet in with mandrake, depending on what security > option and the purpose of the machine you chose during installation, you may > not be running a telnet daemon. Some of the install options dont even > install telnetd. > > The simplest fix is the install the package telnet-server from your mandrake > cd. I would recommend not doing that at all and suggest that you go with a > package such as ssh. You can do everything that you can with the regular > telnet daemon, but it all runs through the ssh security specs and makes > things nice and tight. there are even web based java ssh telnet clients that > you can use for free installed on your apache server on the machine you want > to telnet too. like mine, at home i can go to > http://machinename.domain.suffix/ssh and i get prompted for a login from any > java capable browser. thats really slick because you dont have to install an > ssh telnet client on the machine you are telnetting from. > > having an open telnet port just attracts undesired attention :) > > --fluid > > -Original Message- > From: duane voth [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 03, 2001 3:19 PM > To: [EMAIL PROTECTED] > Subject: Re: [expert] Why doesn't work the telnet with Mdk 7.2 after > install? > > > Alexander Skwar wrote: > > > So sprach [EMAIL PROTECTED] am Wed, Jan 03, 2001 at 12:07:57PM +0100: > > > >> I've just installed Mdk 7.2 and the telnet doesn't work. A friend > explained > >> me to check that the telnet service is enable in /etc/xinetd/telnet but > >> this file doesn't exist. > > > > > > telnet-server is installed? > > > > Alexander Skwar > > > Also, you woudn't be trying to telnet in as root would you? > Some twisty security feature (that I *still* have yet to discover) > disables root telnet. > > duane > > >
Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
The best thing to do for security is to make su only executable by root.
Then get the "sudo" package and install it, giving only a few users the
ability to run "sudo su" and thus change to root.
This makes the telnet server more acceptable, and limits your exposure.
Also, with inetd/xinetd, telnetd can be limited to serving people only
on specific networks by changing hosts.deny, hosts.allow ("man
hosts.allow") in the /etc directory.
the basic rule for hosts.deny that all systems should follow is
ALL: ALL
this denys everyone access to all services. In hosts.allow, assuming
your local network is 192.168.1.x, you could put
ALL: 192.168.1.
This overrides hosts.deny and allows all servers that use inetd to
service anyone coming in over the 192.168.1.x network.
bug
On Fri, 5 Jan 2001, Bill Kenworthy wrote:
> Never been able to figure out the logic for that! Invariably the first
> thing one does when telnetting into a box to do some work as root is to
> su - whats the difference? The password still goes in clear etc - just
> seems anoying. Can see the sense in not installing telnetd in some
> cases, but telnet is a standard unix service - one only has to look at
> the number of queries to the list over the problems this causes, and the
> fact that the first thing that person does is install the package, one
> has to question whether this approach is worthwhile - in my opinion
> would be better to install, but leave disabled, or perhaps make it an
> install question that comes up with the package list "Do you want telnet
> services - Warning ...".
>
> BillK
>
>
> > The feature you are referring to as twisty is not twisty at all. It is very
> > important that you not be able to telnet in as root. The only way to make
> > things absolutely tight on unix machines is to disallow telnet sessions for
> > accounts that are system standard on *nix systems.
> >
>
Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
Never been able to figure out the logic for that! Invariably the first thing one does when telnetting into a box to do some work as root is to su - whats the difference? The password still goes in clear etc - just seems anoying. Can see the sense in not installing telnetd in some cases, but telnet is a standard unix service - one only has to look at the number of queries to the list over the problems this causes, and the fact that the first thing that person does is install the package, one has to question whether this approach is worthwhile - in my opinion would be better to install, but leave disabled, or perhaps make it an install question that comes up with the package list "Do you want telnet services - Warning ...". BillK > The feature you are referring to as twisty is not twisty at all. It is very > important that you not be able to telnet in as root. The only way to make > things absolutely tight on unix machines is to disallow telnet sessions for > accounts that are system standard on *nix systems. >
RE: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
The feature you are referring to as twisty is not twisty at all. It is very important that you not be able to telnet in as root. The only way to make things absolutely tight on unix machines is to disallow telnet sessions for accounts that are system standard on *nix systems. As for being able to telnet in with mandrake, depending on what security option and the purpose of the machine you chose during installation, you may not be running a telnet daemon. Some of the install options dont even install telnetd. The simplest fix is the install the package telnet-server from your mandrake cd. I would recommend not doing that at all and suggest that you go with a package such as ssh. You can do everything that you can with the regular telnet daemon, but it all runs through the ssh security specs and makes things nice and tight. there are even web based java ssh telnet clients that you can use for free installed on your apache server on the machine you want to telnet too. like mine, at home i can go to http://machinename.domain.suffix/ssh and i get prompted for a login from any java capable browser. thats really slick because you dont have to install an ssh telnet client on the machine you are telnetting from. having an open telnet port just attracts undesired attention :) --fluid -Original Message- From: duane voth [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 03, 2001 3:19 PM To: [EMAIL PROTECTED] Subject: Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install? Alexander Skwar wrote: > So sprach [EMAIL PROTECTED] am Wed, Jan 03, 2001 at 12:07:57PM +0100: > >> I've just installed Mdk 7.2 and the telnet doesn't work. A friend explained >> me to check that the telnet service is enable in /etc/xinetd/telnet but >> this file doesn't exist. > > > telnet-server is installed? > > Alexander Skwar Also, you woudn't be trying to telnet in as root would you? Some twisty security feature (that I *still* have yet to discover) disables root telnet. duane
Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
Hi All I did made expert/developement install and all telnet stuff was installed,only thing what disabled its use was xinitd. Even xinitd daemon started and telnetd started telnet didn't work. But when I started INITD instead of XINITD telnet worked. Jarmo
Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
On Wednesday 03 January 2001 05:19 pm, you wrote: > So sprach Tom Berkley am Wed, Jan 03, 2001 at 10:24:03AM -0800: > > first determine if telnet is installed: rpm -q telnet > > > > probably it is not. then find the cd with the telnet rpm or download it > > from a mirror site. then install: > > > > rpm -ivh telnet-0.17-7.i386.rpm > > > > now you can use telnet. > > If you want to telnet *OUT*, then you're right. But he seems to want to be > able to telnet *INTO* his computer. Then just the telnet package isn't > enough. Actually you don't need it at all for what he wants to do. > He needs the telnet-server package. > > Alexander Skwar Guys...the problem is simple. and very common on Mandrake 7.2 installs...even the expert/developer installes. The "telnet-server" package isn't installed and untill it is you won't be able to telnet into the box that you're attempting to gain access to. You can certainly telnet out, but you can't telnet in. I discovered this two weeks ago when I installed Mdk 7.2 on my home machine and workstation at work. As soon as I added the telnet-server package all was well again. -- Mark "If you don't share your concepts and ideals, they end up being worthless," "Sharing is what makes them powerful." Linus Torvalds
Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
So sprach Tom Berkley am Wed, Jan 03, 2001 at 10:24:03AM -0800: > first determine if telnet is installed: rpm -q telnet > > probably it is not. then find the cd with the telnet rpm or download it from a > mirror site. then install: > > rpm -ivh telnet-0.17-7.i386.rpm > > now you can use telnet. If you want to telnet *OUT*, then you're right. But he seems to want to be able to telnet *INTO* his computer. Then just the telnet package isn't enough. Actually you don't need it at all for what he wants to do. He needs the telnet-server package. Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (english) Homepage: http://www.digitalprojects.com | http://www.iso-top.de iso-top.de - Die guenstige Art an Linux Distributionen zu kommen Uptime: 10 hours 16 minutes
Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
Alexander Skwar wrote: > So sprach [EMAIL PROTECTED] am Wed, Jan 03, 2001 at 12:07:57PM +0100: > >> I've just installed Mdk 7.2 and the telnet doesn't work. A friend explained >> me to check that the telnet service is enable in /etc/xinetd/telnet but >> this file doesn't exist. > > > telnet-server is installed? > > Alexander Skwar Also, you woudn't be trying to telnet in as root would you? Some twisty security feature (that I *still* have yet to discover) disables root telnet. duane
Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
Doesn't he need to run telnetd for the service to start? Joseph Red [EMAIL PROTECTED] - Original Message - From: "Tom Berkley" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, January 03, 2001 10:24 AM Subject: Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install? > first determine if telnet is installed: rpm -q telnet > > probably it is not. then find the cd with the telnet rpm or download it from a > mirror site. then install: > > rpm -ivh telnet-0.17-7.i386.rpm > > now you can use telnet. > > tom berkley > > [EMAIL PROTECTED] wrote: > > > Hello, > > > > I've just installed Mdk 7.2 and the telnet doesn't work. A friend explained > > me to check that the telnet service is enable in /etc/xinetd/telnet but > > this file doesn't exist. > > > > Someone could explain me what I've to do to active this service after the > > installation? > > > > And Happy New year! > > > > Pierre > > > > > > This message may contain confidential information > > and is intended solely for the use of the individual > > or entity to whom it is addressed. > > If you are not the intended recipient of this message, > > please notify the sender immediately and do not disclose, > > use, disseminate or copy this message. > > The information contained in this message reflects > > the opinion of the sender and not Systemat's opinion. > > > > >
Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
first determine if telnet is installed: rpm -q telnet probably it is not. then find the cd with the telnet rpm or download it from a mirror site. then install: rpm -ivh telnet-0.17-7.i386.rpm now you can use telnet. tom berkley [EMAIL PROTECTED] wrote: > Hello, > > I've just installed Mdk 7.2 and the telnet doesn't work. A friend explained > me to check that the telnet service is enable in /etc/xinetd/telnet but > this file doesn't exist. > > Someone could explain me what I've to do to active this service after the > installation? > > And Happy New year! > > Pierre > > > This message may contain confidential information > and is intended solely for the use of the individual > or entity to whom it is addressed. > If you are not the intended recipient of this message, > please notify the sender immediately and do not disclose, > use, disseminate or copy this message. > The information contained in this message reflects > the opinion of the sender and not Systemat's opinion. >
Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
So sprach [EMAIL PROTECTED] am Wed, Jan 03, 2001 at 12:07:57PM +0100: > I've just installed Mdk 7.2 and the telnet doesn't work. A friend explained > me to check that the telnet service is enable in /etc/xinetd/telnet but > this file doesn't exist. telnet-server is installed? Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (english) Homepage: http://www.digitalprojects.com | http://www.iso-top.de iso-top.de - Die guenstige Art an Linux Distributionen zu kommen Uptime: 2 hours 9 minutes
Re: [expert] Why doesn't work the telnet with Mdk 7.2 after install?
On Wednesday 03 January 2001 06:07, you wrote: If you are trying to telnet into the box and can't check and see if telnet-server is installed. I choose a developer install and it wasn't added, don't ask me why since I can't code. Check out secure Shell (ssh) if you want to remotly login to your box, it doesn't send passwords clear text like telnet. > Hello, > > I've just installed Mdk 7.2 and the telnet doesn't work. A friend explained > me to check that the telnet service is enable in /etc/xinetd/telnet but > this file doesn't exist. > > Someone could explain me what I've to do to active this service after the > installation? > > And Happy New year! > > Pierre > > > > *** >* This message may contain confidential information > and is intended solely for the use of the individual > or entity to whom it is addressed. > If you are not the intended recipient of this message, > please notify the sender immediately and do not disclose, > use, disseminate or copy this message. > The information contained in this message reflects > the opinion of the sender and not Systemat's opinion. > *** >*
[expert] Why doesn't work the telnet with Mdk 7.2 after install?
Hello, I've just installed Mdk 7.2 and the telnet doesn't work. A friend explained me to check that the telnet service is enable in /etc/xinetd/telnet but this file doesn't exist. Someone could explain me what I've to do to active this service after the installation? And Happy New year! Pierre This message may contain confidential information and is intended solely for the use of the individual or entity to whom it is addressed. If you are not the intended recipient of this message, please notify the sender immediately and do not disclose, use, disseminate or copy this message. The information contained in this message reflects the opinion of the sender and not Systemat's opinion.
