[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Dropping telnetd and rsh* for security reasons?

Hash: SHA1

On Thu, May 15, 2003 at 08:31:27AM -0400, Andrew Perrin wrote:
> Please don't do this! I need telnetd for a specific application, for which
> ssh is not practical. I know the risks and accept them. Put a dire warning
> on the screen when installing if you must, but don't drop the opportunity
> just to protect me from myself.

I was thinking slightly more altruistically:  Protecting you (which is
not exclusive to Mr. Perrin by any means) from the rest of the net.
My rationale is basically two-pronged:

1) The various rsh packages have been largely, if not totally,
   replaced by ssh.  Now, since rsh has a tendancy of basically
   shouting whatever goes across it in plaintext across the network,
   rsh isn't exactly a sane item to be keeping on the net if you don't
   like the idea of anybody who 0wnzed a router your connection
   happens to be going through being able to gain access to your box.

2) telnetd's functionality has been entirely replaced by ssh, and Free
   ssh clients are available on damn near every platform out there
   natively, and anything with a java interpreter.  People who know
   they're in a specialty environment could either compile it
   themselves (since it's a really small package) or make a backport
   and submit it to apt-get.org.

- -- 
 .''`.     Baloo Ursidae <baloo@ursine.dyndns.org>
: :'  :    proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than fix a system
Version: GnuPG v1.2.2 (GNU/Linux)


Reply to: