[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: telnet vs ssh [WAS: Re: Dropping telnetd and rsh* for security reasons?]

On Thu, May 15, 2003 at 02:59:53PM +0200, David Fokkema wrote:
> Mail-Followup-To: dfokkema@murphy.debian.org,
>         debian-user@lists.debian.org

The @murphy.debian.org here is broken, probably caused by confusion
surrounding MTA address rewriting. Please either get your MTA to rewrite
Mail-Followup-To: as well if possible or else tell your mailer about
your full e-mail address.

> On Thu, May 15, 2003 at 08:31:27AM -0400, Andrew Perrin wrote:
> > Paul Johnson wrote:
> > > How does one request a package be removed?  Seems like now is a very
> > > good time to drop telnetd from the distro altogether as a security
> > > hazard, along with rsh...
> > 
> > Please don't do this! I need telnetd for a specific application, for which
> > ssh is not practical. I know the risks and accept them. Put a dire warning
> > on the screen when installing if you must, but don't drop the opportunity
> > just to protect me from myself.
> What do you need telnetd for that sshd won't do (as easy as telnetd)?
> Forgive me my ignorance, but I can't think of anything but ssh as a
> drop-in replacement for telnet/rsh/rlogin. Please enlighten me.

telnetd and rshd are often useful in local-network environments which
contain old legacy-Unix or other systems for which it's difficult, too
time-consuming, or whatever to get a working ssh implementation.
(Sometimes you can't update said machines either because they're build
machines and you need to preserve binary compatibility.) Sure, you don't
want to use them on Internet-connected machines, but the whole world is
not (yet) internetworked.

By all means heavily discourage the use of telnetd and rshd so that
people don't use them unwittingly, but I think they should stay in the


Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to: