[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: hacked?



Hi there,
         I guess that password complexity is not the issue here. It's
incredibly easy to 'sniff' plain text passwords off of a LAN! However if
your happy no one is going to attempt this then telnet without ssh is
fine.
Just my twopennyworth.

Regards JohnG 


32865e97b5342e762ab140e00f3da23b - Just 'Debian'


On Thu, 27 Apr 2000, Noah L. Meyerhans wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Thu, 27 Apr 2000, w trillich wrote:
> 
> > # apt-get install ssh
> > Reading Package Lists... Done
> > Building Dependency Tree... Done
> > Package ssh has no available version, but exists in the database.
> > This typically means that the package was mentioned in a dependency and
> > never uploaded, has been obsoleted or is not available with the contents
> > of sources.list
> > E: Package ssh has no installation candidate
> > 
> 
> Add the following line to /etc/apt/sources.list:
> deb http://non-us.debian.org /potato/non-US main contrib non-free
> 
> On the other hand, I do not feel as strongly as other posters that telnet
> needs to be disabled in order to have a secure machine.  Strong passwords
> will work just as well.  I have an account on a large Solaris network
> where telnet has been open for ages, and will continue to be.  The passwd
> program in *incredibly* anal about ensuring that all passwords are
> complex.  To my knowledge there has never been a significant security
> breach on this network.
> 
> noah
> 
>   PGP Public Key available at http://web.morgul.net/~frodo/mail.html 
>   or by `finger -l frodo@morgul.net` 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3a
> Charset: noconv
> 
> iQCVAwUBOQg6UYdCcpBjGWoFAQHgswP/akY6CGn1dYsk65yTcm5suKjCU28YxgD0
> Z+Hx0s2ftuWnp9BUz6GstO10WHRyOvHJ3wEpHWn8yoti3ywsW53EIGzEznNwC+lv
> tn5P+Z2x4b4320PTKkQY5EBCASW8uH9c4VbF6e66aY68EpqZS9YFtW2ZStWapnm8
> kUzWMob163E=
> =kx57
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> 
> 


Reply to: