Re: telnet vs ssh [WAS: Re: Dropping telnetd and rsh* for security reasons?]
On Thu, May 15, 2003 at 09:31:09AM -0400, Andrew Perrin wrote:
> I employ a small army of undergraduate research assistants, all of whom
> are fundamentally nontechnical. Their job involves coding texts (usually
> letters to the editor, sometimes other texts) along thematic lines. They
> do so by telnetting into a stripped-down debian box that only runs a perl
> script that does the coding. The perl script, in turn, selects from and
> updates a PostgreSQL database on another host (which does not run
> The crux of the matter is that these assistants telnet in from arbitrary
> places to do their work. It would be a significant pain to teach them how
> to set up PuTTY or Secure CRT on every machine they might use. I'm
> comfortable with the (rather minimal) security risk posed by letting them
> telnet into this isolated box.
> The principle, too, seems important: the reason for dropping telnetd would
> be to protect users from themselves. Why should debian be in that
> practice? Warn us, sure, but don't take away options just because you
> think they're bad for us.
Ah, I see. So it is not that ssh can't do what you want to do, it's just
a PITA to set it up on every (maybe public?) computer your assistants
might use. I see. Had some similar problems. At my university, they
switched from telnet to ssh (good) but then I couldn't log in from a
myriad of computers (my parents', for example).
Got your point, thanks!
PS: I agree with keeping telnet on principal grounds.