RE: Permit root login for telnet..
- From: <A.Fadyushin@xxxxxxxxxxxx>
- Date: Wed, 30 Aug 2006 21:20:44 +0400
Of course, if you are using unencrypted FTP as the user having read only
privileges to the information which does not need to be kept in secret,
it is will not do damage (except that the massive downloading of
tarballs by somebody who sniffed the password may cause the
network/server overload).
You generally could not limit the user who logged via telnet to be a
'read-only' user. Usually, such a user (especially with a sniffed root
password will be able to do with a machine whatever him want. However,
if you use the telnet only to completely reinstall the system on
computers every day and will use the new telnet password each day it
will not be a great security problem. Also you can stop the telnet
servers on the computers as the last step of the installation procedure
to prevent later use of the possibly sniffed password.
Alexey Fadyushin.
Brainbench MVP for Linux.
http://www.brainbench.com
-----Original Message-----&
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
bounces@xxxxxxxxxx] On Behalf Of Burke, Thomas G.
Sent: Tuesday, August 29, 2006 7:28 PM
To: General Red Hat Linux discussion list
Subject: RE: Permit root login for telnet..
I have found instances where a program is written to send scripts back
forth through the terminal, but can't do the encryption itself.and
For instance, if you were only using it to run a set-up script on a
brand new computer, you'd do a minimal install (or use a boot disk),
then have a little program telnet in & choose appropriate packages forgot
the machine based on certain characteristics.
I used to do this all the time in the DOS/Windows world - a machine
a custom load, depending on what it needed. It logged in as a userthat
had only read priviledges on the server, so if somebody did manage toother
sniff it (while I was alone in the labs), no damage could be done
thaqn downloading tarballs.I
I did this all in clear-text passwords over telnet & ftp. Of course,
usually only did it late at night or early in the morning when no oneforth
was in the labs (and I had keys to the doors).
Doing this simplified life for me greatly. After a while, we figured
out how to do this every night, to ensure we wiped out virii & so
that (l)users had gotten onto the machines & so forth - basicallyhours.
reformatting every drive every night and reinstalling the complete
loadset. We could reload 100 computers in the course of about 2
via
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of
A.Fadyushin@xxxxxxxxxxxx
Sent: Tuesday, August 29, 2006 10:51 AM
To: redhat-list@xxxxxxxxxx
Subject: RE: Permit root login for telnet..
Actually, the situation is slightly better because the user would need
some privileges to run a sniffer (at least in Linux). So, if nobody
could attach his own computer directly to the network where the
passwords are (or potentially could, for example due to the routing
changes) sent and all users with the appropriate privileges on already
attached computers are trusted (for example, them already know the
passwords of the users who will use telnet) there should be no problem
as long as these conditions exist. However, most probably, these
conditions would not be fulfilled in reality and the passwords sent
telnet would be compromised.computers
It is much better to use SSH because it will send all information
(including passwords) in encrypted form only. Every task which can be
done with telnet can be done with SSH also.
Alexey Fadyushin
Brainbench MVP for Linux.
http://www.brainbench.com
-----Original Message-----is
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
bounces@xxxxxxxxxx] On Behalf Of Burke, Thomas G.
Sent: Friday, August 25, 2006 11:02 PM
To: General Red Hat Linux discussion list
Subject: RE: Permit root login for telnet..
Shekhar,
I don't remember how to turn on telnet.
That said, *ANY* comuter that can access the netowrk this server
on can be used to sniff a clear-text password sent through telnet.I
understand that in your specific case, this may be OK, but are you
absolutely sure that *every* employee accessing one of these
I
can be trusted not to set up a sniffer? And any future employees?it.
There is no point in having a server if no one's computer can access
close
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Shekhar Dhotre
Sent: Friday, August 25, 2006 2:53 PM
To: General Red Hat Linux discussion list
Subject: RE: Permit root login for telnet..
Bank of China - Shanghai .
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steve Rieger
Sent: Friday, August 25, 2006 1:15 PM
To: General Red Hat Linux discussion list
Cc: Bliss, Aaron
Subject: Re: Permit root login for telnet..
i would like to know what bank you work for, am gonna make sure to
any account i have there.
sorry for the top post.
Shekhar Dhotre wrote:
OK , no one has access to network room here than Coms guys . Even
notcannot go in as I am in Unix/Storages group. Our comm. guys are
switch.interested in checking our passwords.trusted
Also they have access to most of the prod switches, so they are
by the business. Again not a risk .
-----Original Message-----
From: Bliss, Aaron [mailto:ABliss@xxxxxxxxxxxxxxxxx]
Sent: Friday, August 25, 2006 9:44 AM
To: Shekhar Dhotre; General Red Hat Linux discussion list
Subject: RE: Permit root login for telnet..
Sure, just turn on ethereal, plug into the span port on the
sniffersVery straight forward; there are even software based packet
of
than can sniff past switches.
Aaron
-----Original Message-----
From: Shekhar Dhotre [mailto:sdhotre@xxxxxxxxxxxx]
Sent: Friday, August 25, 2006 9:25 AM
To: Bliss, Aaron; General Red Hat Linux discussion list
Subject: RE: Permit root login for telnet..
Again that's all good . But, can you tell me how to see password
Dhotreoffersother sysadmin if he is accessing system via telnet?list
-----Original Message-----
From: Bliss, Aaron [mailto:ABliss@xxxxxxxxxxxxxxxxx]
Sent: Friday, August 25, 2006 9:22 AM
To: Bliss, Aaron; Shekhar Dhotre; General Red Hat Linux discussion
Subject: RE: Permit root login for telnet..
Telnet is also vulnerable to man in the middle attacks and ssh
post authentication; telnet does not.
Aaron
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Bliss, Aaron
Sent: Friday, August 25, 2006 9:13 AM
To: Shekhar Dhotre; General Red Hat Linux discussion list
Subject: RE: Permit root login for telnet..
Telent is a clear text protocol; ssh isn't.
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Shekhar
99.9%howSent: Friday, August 25, 2006 9:11 AM
To: General Red Hat Linux discussion list
Subject: RE: Permit root login for telnet..
I have used telnet before ssh came in to the market . Do you know
toaccess
hack telnet ? or break a root password without having physical
tobig
the system ? most likely the answer will be - NO .. so what's the
deal in ssh vs. telnet ?
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Greg Golin
Sent: Friday, August 25, 2006 2:12 AM
To: General Red Hat Linux discussion list
Subject: Re: Permit root login for telnet..
Dear Arun,
You do NOT want to enable root login via telnet - trust me on this
one. Please tell the list what you are trying to accomplish -
donechance is that whatever you are trying to do can, and should be
Answers
via ssh.
Kind Regards,
Gregory Golin
Systems Admin
On 8/24/06, Arun Williams <perks_williams@xxxxxxxxxxx> wrote:
How can i enable root login for telnet....POSSIBILITIES...
I tried editing /etc/pam.d/login .... but no use
____________________________
Regards
A.Williams
IN THIS WORLD FULL OF DREAMS AND IMAGINATION, LOOK FOR
---------------------------------
Here's a new way to find what you're looking for - Yahoo!
VersionSend FREE SMS to your friend's mobile from Yahoo! Messenger
mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribemailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe8. Get it NOW
--
redhat-list mailing list
unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
--
eats the blues for breakfast,
does unix for rent,
plays harp for food,
will play the flute for kicks
rides for the freedom
scrapes for thechallenge
--
redhat-list mailing list
unsubscribe
mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribehttps://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe
mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribehttps://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
- Follow-Ups:
- RE: Permit root login for telnet..
- From: Burke, Thomas G.
- RE: Permit root login for telnet..
- Prev by Date: RE: samba / UNIX password sync
- Next by Date: Re: samba / UNIX password sync
- Previous by thread: RE: Permit root login for telnet..
- Next by thread: RE: Permit root login for telnet..
- Index(es):
Relevant Pages
|
