From owner-freebsd-questions  Wed Oct 31 14:10: 2 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from db.nexgen.com (db.nexgen.com [66.92.98.149])
	by hub.freebsd.org (Postfix) with SMTP id C22B437B403
	for <freebsd-questions@freebsd.org>; Wed, 31 Oct 2001 14:09:57 -0800 (PST)
Received: (qmail 57288 invoked from network); 31 Oct 2001 22:10:11 -0000
Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1)
  by localhost.nexgen.com with SMTP; 31 Oct 2001 22:10:11 -0000
Message-ID: <001701c16258$c3795f40$64625c42@alexus>
From: "alexus" <ml@db.nexgen.com>
To: <cjclark@alum.mit.edu>
Cc: <freebsd-questions@freebsd.org>
References: <000501c161d6$21529380$0f00a8c0@alexus> <20011031134342.C246@gohan.cjclark.org>
Subject: Re: telnet
Date: Wed, 31 Oct 2001 17:09:51 -0500
Organization: NexGen
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

i'm talking about telnetd not telnet client

----- Original Message ----- 
From: "Crist J. Clark" <cristjc@earthlink.net>
To: "alexus" <ml@db.nexgen.com>
Cc: <freebsd-questions@freebsd.org>
Sent: Wednesday, October 31, 2001 4:43 PM
Subject: Re: telnet


> On Wed, Oct 31, 2001 at 01:34:44AM -0500, alexus wrote:
> > can i allow only certain users to use telnet
> 
> Change the permissions on /usr/bin/telnet to 550, put all users who
> you want to allow to use it into one group, and change the ownership
> of /usr/bin/telnet to that group.
> 
> > and all other will have to use ssh only?
> 
> But that does not stop someone from copying a telnet executable to
> their home directory and using that.
> 
> If you set up a firewall on the machine,
> 
>   # ipfw pass tcp from any to any 23 out gid <telnet-group>
>   # ipfw deny tcp from any to any 23 out
> 
> So that only the "telnet-group" can try to reach the usual telnet port
> on remote machines.
> -- 
> Crist J. Clark                           cjclark@alum.mit.edu
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message