Re: telnet vs ssh [WAS: Re: Dropping telnetd and rsh* for security reasons?]

To: debian-user@lists.debian.org
Subject: Re: telnet vs ssh [WAS: Re: Dropping telnetd and rsh* for security reasons?]
From: David Fokkema <dfokkema@ileos.nl>
Date: Thu, 15 May 2003 16:18:20 +0200
Message-id: <[🔎] 20030515141820.GA20078@nebula.ileos.home>
Mail-followup-to: dfokkema@murphy.debian.org, debian-user@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.53.0305150926320.9732@perrin.socsci.unc.edu>
References: <[🔎] BAY7-F112lZGdOZofu400015c2a@hotmail.com> <[🔎] 0446F316-86C2-11D7-B355-0030657BB07A@clivemenzies.co.uk> <[🔎] 20030515121243.0c856274.nico.meijer@zonnet.nl> <[🔎] 20030515111539.GI10412@ursine.dyndns.org> <[🔎] Pine.LNX.4.53.0305150830120.9732@perrin.socsci.unc.edu> <[🔎] 20030515125953.GA19689@nebula.ileos.home> <[🔎] Pine.LNX.4.53.0305150926320.9732@perrin.socsci.unc.edu>

On Thu, May 15, 2003 at 09:31:09AM -0400, Andrew Perrin wrote:
> I employ a small army of undergraduate research assistants, all of whom
> are fundamentally nontechnical. Their job involves coding texts (usually
> letters to the editor, sometimes other texts) along thematic lines. They
> do so by telnetting into a stripped-down debian box that only runs a perl
> script that does the coding. The perl script, in turn, selects from and
> updates a PostgreSQL database on another host (which does not run
> telnetd).
> 
> The crux of the matter is that these assistants telnet in from arbitrary
> places to do their work. It would be a significant pain to teach them how
> to set up PuTTY or Secure CRT on every machine they might use. I'm
> comfortable with the (rather minimal) security risk posed by letting them
> telnet into this isolated box.
> 
> The principle, too, seems important: the reason for dropping telnetd would
> be to protect users from themselves. Why should debian be in that
> practice? Warn us, sure, but don't take away options just because you
> think they're bad for us.

Ah, I see. So it is not that ssh can't do what you want to do, it's just
a PITA to set it up on every (maybe public?) computer your assistants
might use. I see. Had some similar problems. At my university, they
switched from telnet to ssh (good) but then I couldn't log in from a
myriad of computers (my parents', for example).

Got your point, thanks!

David

PS: I agree with keeping telnet on principal grounds.

Reply to:

Follow-Ups:
- Re: telnet vs ssh [WAS: Re: Dropping telnetd and rsh* for security reasons?]
  - From: Paul Johnson <baloo@ursine.dyndns.org>

References:
- Software...!!!
  - From: "Sherwin Kamperveen" <s_kamperveen@hotmail.com>
- Re: Software...!!!
  - From: Clive Menzies <clive@clivemenzies.co.uk>
- Re: Software...!!!
  - From: Nico Meijer <nico.meijer@zonnet.nl>
- Dropping telnetd and rsh* for security reasons?
  - From: Paul Johnson <baloo@ursine.dyndns.org>
- Re: Dropping telnetd and rsh* for security reasons?
  - From: Andrew Perrin <clists@perrin.socsci.unc.edu>
- telnet vs ssh [WAS: Re: Dropping telnetd and rsh* for security reasons?]
  - From: David Fokkema <dfokkema@ileos.nl>
- Re: telnet vs ssh [WAS: Re: Dropping telnetd and rsh* for security reasons?]
  - From: Andrew Perrin <clists@perrin.socsci.unc.edu>

Prev by Date: Re: Using stupid filenames in shell scripts
Next by Date: Re: Trouble with eth0
Previous by thread: Re: telnet vs ssh [WAS: Re: Dropping telnetd and rsh* for security reasons?]
Next by thread: Re: telnet vs ssh [WAS: Re: Dropping telnetd and rsh* for security reasons?]
Index(es):
- Date
- Thread