Date:      Wed, 31 Oct 2001 20:15:39 -0500 (EST)
From:      Scott Nolde <scott@smnolde.com>
To:        alexus <ml@db.nexgen.com>
Cc:        <cjclark@alum.mit.edu>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: telnet
Message-ID:  <20011031200537.H58143-100000@bsd.smnolde.com>
In-Reply-To: <001701c16258$c3795f40$64625c42@alexus>

You'd have to authenticate your telnet users differently than your ssh
users by modifying PAM.

For example, at my office, for a BSD box, I have telnet users
authenticating off a RADIUS server, yet SSH users authenticate
locally.

Realistically, using SSH for access to the box is preferred since no
authentication parameters are sent in plaintext.  If some of your users
are coming in via win32 clients, there's always PuTTY.

- Scott

smacked into the keyboard previously by owner-freebsd-questions@FreeBSD.ORG:

 >Date: Wed, 31 Oct 2001 17:09:51 -0500
 >From: alexus <ml@db.nexgen.com>
 >To: cjclark@alum.mit.edu
 >Cc: freebsd-questions@FreeBSD.ORG
 >Subject: Re: telnet
 >
 >I'm talking about telnetd, not the telnet client
 >
 >----- Original Message -----
 >From: "Crist J. Clark" <cristjc@earthlink.net>
 >To: "alexus" <ml@db.nexgen.com>
 >Cc: <freebsd-questions@freebsd.org>
 >Sent: Wednesday, October 31, 2001 4:43 PM
 >Subject: Re: telnet
 >
 >
 >> On Wed, Oct 31, 2001 at 01:34:44AM -0500, alexus wrote:
 >> > Can I allow only certain users to use telnet
 >>
 >> Change the permissions on /usr/bin/telnet to 550, put all users who
 >> you want to allow to use it into one group, and change the ownership
 >> of /usr/bin/telnet to that group.
 >>
 >> > and all others will have to use ssh only?
 >>
 >> But that does not stop someone from copying a telnet executable to
 >> their home directory and using that.
 >>
 >> If you set up a firewall on the machine,
 >>
 >>   # ipfw add pass tcp from any to any 23 out gid <telnet-group>
 >>   # ipfw add deny tcp from any to any 23 out
 >>
 >> So that only the "telnet-group" can try to reach the usual telnet port
 >> on remote machines.
 >> --
 >> Crist J. Clark                           cjclark@alum.mit.edu
 >>
 >
 >
 >To Unsubscribe: send mail to majordomo@FreeBSD.org
 >with "unsubscribe freebsd-questions" in the body of the message
 >

Scott Nolde
GPG Key 0xD869AB48
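
Added example, not part of the original message: a small shell check that reads a policy in `/etc/pam.conf` layout and reports which auth modules each service uses, so you can confirm that telnet and ssh logins really authenticate through different stacks. The sample policy is constructed, and the service names (`telnetd`, `sshd`, `ftpd`) and the helper names are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample in pam.conf layout: service  type  control  module  [args]
# Service names here are assumptions; check which name your daemon registers.
SAMPLE_PAM_CONF='
# telnet logins are checked against the RADIUS server
telnetd  auth     required  pam_radius.so
telnetd  account  required  pam_unix.so
# ssh logins are checked against the local password database
sshd     auth     required  pam_unix.so  try_first_pass
sshd     account  required  pam_unix.so
# anything without its own auth lines falls through to "other"
other    auth     required  pam_deny.so
'

# Print the auth modules that apply to a service, in stack order.
#   $1 = service name, $2 = policy text
# A service with no auth lines of its own gets the "other" policy, so a
# missing entry is reported as what PAM would actually apply.
pam_auth_modules() {
    printf '%s\n' "$2" | awk -v svc="$1" '
        /^[ \t]*#/ || NF < 4 || $2 != "auth" { next }
        $1 == svc     { own = own (own != "" ? " " : "") $4 }
        $1 == "other" { dfl = dfl (dfl != "" ? " " : "") $4 }
        END { print (own != "" ? own : dfl) }'
}

# Succeed only if two services authenticate through different stacks.
#   $1, $2 = service names, $3 = policy text
pam_auth_differs() {
    [ "$(pam_auth_modules "$1" "$3")" != "$(pam_auth_modules "$2" "$3")" ]
}

for svc in telnetd sshd ftpd; do
    printf '%-8s auth: %s\n' "$svc" \
        "$(pam_auth_modules "$svc" "$SAMPLE_PAM_CONF")"
done

if pam_auth_differs telnetd sshd "$SAMPLE_PAM_CONF"; then
    echo "telnetd and sshd use different auth stacks"
else
    echo "telnetd and sshd share one auth stack"
fi
```

To run it against a live system, pass the real policy text instead of the sample, for example `pam_auth_modules sshd "$(cat /etc/pam.conf)"`.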

