[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#81396: root shell fscked after upgrade to woody

The reason for installing ssh in this case was for troubleshooting,
although higher security would be a positive side effect.

He reports trouble from an unknown source, and telnetd is "involved".
Installing ssh would allow comparisons of the failure modes with different
network login clients.

If it failed with telnetd and worked with ssh, well then that would isolate
the problem to something related to telnetd.

If it failed with telnetd and failed with ssh, then the problem is probably
not the the telnetd package (although there are possibilites)

rsh could be used in a similar troubleshooting manner, although a side
effect of installing rsh would probably be lower security rather than

Some people ask why and/or complain Debian has more than 1 package that can
provide "Q" where Q is webserving or DHCPing, or BIND versions, or
whatever.  I think the ability to troubleshoot problems by trying alternate
programs is an excellent reason to have "multiple packages doing the same

                    Craig Sanders                                                                                   
                    <cas@taz.net.        To:     "Eray Ozkural (exa)" <erayo@cs.bilkent.edu.tr>,                    
                    au>                  81396@bugs.debian.org                                                      
                                         cc:     (bcc: Vince Mulhollon/Brookfield/Norlight)                         
                    01/06/2001           Fax to:                                                                    
                    11:36 PM             Subject:     Bug#81396: root shell fscked after upgrade to woody           
                    respond to                                                                                      
                    respond to                                                                                      

On Sun, Jan 07, 2001 at 04:38:10AM +0200, Eray Ozkural (exa) wrote:

> We use telnet here because this is a diverse university network; we
> can't force people to run ssh and any moron could go root on this
> machine if he really wanted to.

why not?

the most you'd have to do is put up a single web page with links to
local copies of ssh clients for various platforms...and optionally
replace telnetd with a script (or tcp-wrapper's "twist" capability)
which printed a message displaying the URL and advising the user to
install an ssh client. telnet problem solved with a minimum of user
support calls.

there's really no excuse for running (non-ssl) telnetd any more. good
free ssh clients are available for just about every operating system.


craig sanders

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Reply to: