[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Securing telnet

On Tue, Jul 04, 2000 at 03:29:16PM +0100, Patrick Kirk wrote:
> Hi all,
> I've just installed a Debian server for a chap who insists on using
> telnet from Windows boxes within the LAN if he wants to login.  I want
> to restrict this so that telnet can be done from the range but
> ssh can be used from anywhere, even if reverse DNS isn't available.
> That's because I want to be able to login myself and fix things from
> wherever I happen to be.
> I have set hosts.deny as blank and hosts.allow as ALL: ALL

This is dangeroous.  /etc/hosts.deny should be "ALL:ALL", and selected
clients should be allowed for selected domains in /etc/hosts.allow.

> Any thoughts on how to set up the rules to allows the setup above?

I'd also look into ssh clients for Windows.  I know there are Java
clients available.

Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Opensales, Inc.                    http://www.opensales.org
  What part of "Gestalt" don't you understand?   Debian GNU/Linux rocks!
   http://gestalt-system.sourceforge.net/    K5: http://www.kuro5hin.org
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0

Attachment: pgppnlokUBwnR.pgp
Description: PGP signature

Reply to: