Re: Bug#81396: root shell fscked after upgrade to woody
The reason for installing ssh in this case was for troubleshooting,
although higher security would be a positive side effect.
He reports trouble from an unknown source, and telnetd is "involved".
Installing ssh would allow comparisons of the failure modes with different
network login clients.
If it failed with telnetd and worked with ssh, well then that would isolate
the problem to something related to telnetd.
If it failed with telnetd and failed with ssh, then the problem is probably
not the the telnetd package (although there are possibilites)
rsh could be used in a similar troubleshooting manner, although a side
effect of installing rsh would probably be lower security rather than
higher...
Some people ask why and/or complain Debian has more than 1 package that can
provide "Q" where Q is webserving or DHCPing, or BIND versions, or
whatever. I think the ability to troubleshoot problems by trying alternate
programs is an excellent reason to have "multiple packages doing the same
thing".
Craig Sanders
<cas@taz.net. To: "Eray Ozkural (exa)" <erayo@cs.bilkent.edu.tr>,
au> 81396@bugs.debian.org
cc: (bcc: Vince Mulhollon/Brookfield/Norlight)
01/06/2001 Fax to:
11:36 PM Subject: Bug#81396: root shell fscked after upgrade to woody
Please
respond to
Craig
Sanders;
Please
respond to
81396
On Sun, Jan 07, 2001 at 04:38:10AM +0200, Eray Ozkural (exa) wrote:
> We use telnet here because this is a diverse university network; we
> can't force people to run ssh and any moron could go root on this
> machine if he really wanted to.
why not?
the most you'd have to do is put up a single web page with links to
local copies of ssh clients for various platforms...and optionally
replace telnetd with a script (or tcp-wrapper's "twist" capability)
which printed a message displaying the URL and advising the user to
install an ssh client. telnet problem solved with a minimum of user
support calls.
there's really no excuse for running (non-ssl) telnetd any more. good
free ssh clients are available for just about every operating system.
craig
--
craig sanders
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: