Re: Dropping telnetd and rsh* for security reasons?
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, May 15, 2003 at 08:31:27AM -0400, Andrew Perrin wrote:
> Please don't do this! I need telnetd for a specific application, for which
> ssh is not practical. I know the risks and accept them. Put a dire warning
> on the screen when installing if you must, but don't drop the opportunity
> just to protect me from myself.
I was thinking slightly more altruistically: Protecting you (which is
not exclusive to Mr. Perrin by any means) from the rest of the net.
My rationale is basically two-pronged:
1) The various rsh packages have been largely, if not totally,
replaced by ssh. Now, since rsh has a tendancy of basically
shouting whatever goes across it in plaintext across the network,
rsh isn't exactly a sane item to be keeping on the net if you don't
like the idea of anybody who 0wnzed a router your connection
happens to be going through being able to gain access to your box.
2) telnetd's functionality has been entirely replaced by ssh, and Free
ssh clients are available on damn near every platform out there
natively, and anything with a java interpreter. People who know
they're in a specialty environment could either compile it
themselves (since it's a really small package) or make a backport
and submit it to apt-get.org.
.''`. Baloo Ursidae <firstname.lastname@example.org>
: :' : proud Debian admin and user
`- Debian - when you have better things to do than fix a system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----