From owner-freebsd-questions Wed Oct 31 17:15:47 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from smnolde.com (rr-163-54-1.atl.mediaone.net [24.163.54.1])
	by hub.freebsd.org (Postfix) with ESMTP id 3E68E37B405
	for ; Wed, 31 Oct 2001 17:15:41 -0800 (PST)
Received: from bsd.smnolde.com ([192.168.10.7] helo=bsd)
	by smnolde.com with esmtp (Exim 3.30 #1)
	id 15z6SK-000MGu-00; Wed, 31 Oct 2001 20:15:40 -0500
Date: Wed, 31 Oct 2001 20:15:39 -0500 (EST)
From: Scott Nolde
To: alexus
Subject: Re: telnet
In-Reply-To: <001701c16258$c3795f40$64625c42@alexus>
Message-ID: <20011031200537.H58143-100000@bsd.smnolde.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

You'd have to authenticate your telnet users differently than your ssh
users by modifying PAM. For example, at my office, for a BSD box, I have
telnet users authenticating off a RADIUS server, yet SSH users
authenticate locally.

Realistically, using SSH for access to the box is preferred since no
authentication parameters are sent in plaintext. If some of your users
are coming in via win32 clients, there's always PuTTY.

- Scott

smacked into the keyboard previously by owner-freebsd-questions@FreeBSD.ORG:

>Date: Wed, 31 Oct 2001 17:09:51 -0500
>From: alexus
>To: cjclark@alum.mit.edu
>Cc: freebsd-questions@FreeBSD.ORG
>Subject: Re: telnet
>
>I'm talking about telnetd, not the telnet client
>
>----- Original Message -----
>From: "Crist J. Clark"
>To: "alexus"
>Sent: Wednesday, October 31, 2001 4:43 PM
>Subject: Re: telnet
>
>
>> On Wed, Oct 31, 2001 at 01:34:44AM -0500, alexus wrote:
>> > Can I allow only certain users to use telnet
>>
>> Change the permissions on /usr/bin/telnet to 550, put all users who
>> you want to allow to use it into one group, and change the ownership
>> of /usr/bin/telnet to that group.
>>
>> > and all others will have to use ssh only?
>>
>> But that does not stop someone from copying a telnet executable to
>> their home directory and using that.
>>
>> If you set up a firewall on the machine,
>>
>> # ipfw pass tcp from any to any 23 out gid
>> # ipfw deny tcp from any to any 23 out
>>
>> So that only the "telnet-group" can try to reach the usual telnet port
>> on remote machines.
>> --
>> Crist J. Clark cjclark@alum.mit.edu
>>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>

Scott Nolde
GPG Key 0xD869AB48