Re: anyone using telnet

To: Pedro Zorzenon Neto <pzn@terra.com.br>
Cc: <debian-security@lists.debian.org>
Subject: Re: anyone using telnet
From: Rishi L Khan <rishi@UDel.Edu>
Date: Mon, 19 Mar 2001 07:05:58 -0500 (EST)
Message-id: <[🔎] Pine.SOL.4.31.0103190700530.11458-100000@copland.udel.edu>
In-reply-to: <[🔎] 20010319085806.C335@mantis.autsens.localnet>

I when you say "their account" do you mean they have an account on the
machine you're seeting up accounts for? Or is this machine some kind of
"public kiosk" where anyone can get on?

Allowing anyone to telnet in is a BAD idea. That means a script kiddie
from Belguim can telnet in. If you want to set up a public setup, make a
username and password, and just post it.

Also, this doesn't require the telnet or ssh daemon to be running (unless
you need them for something else).

Another solution is use NIS and have everyone's account information in one
location, and share it across the machines.

			-rishi

On Mon, 19 Mar 2001, Pedro Zorzenon Neto wrote:

> Hi,
>
>   I'd like anyone to be able to use the local keyboard of some machines to telnet/ssh to any other machine and use their account on the other machine.
>
>   A simple solution would be create one acount for user "anyone" without password and restrict its login with rbash to use just telnet/ssh. Also disallow ftp for user "anyone".
>   Do you think this is a good solution? Does it opens some security hole?
>
>   Thanks,
>    Pedro
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

Follow-Ups:
- Re: anyone using telnet
  - From: Pedro Zorzenon Neto <pzn@terra.com.br>

References:
- anyone using telnet
  - From: Pedro Zorzenon Neto <pzn@terra.com.br>

Prev by Date: anyone using telnet
Next by Date: Re: anyone using telnet
Previous by thread: anyone using telnet
Next by thread: Re: anyone using telnet
Index(es):
- Date
- Thread