From owner-freebsd-questions Thu Nov 8 5:44:19 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by hub.freebsd.org (Postfix) with ESMTP id 3706637B422 for ; Thu, 8 Nov 2001 05:44:12 -0800 (PST) Received: from hades.hell.gr (patr530-b157.otenet.gr [212.205.244.165]) by mailsrv.otenet.gr (8.11.5/8.11.5) with ESMTP id fA8Di7021245; Thu, 8 Nov 2001 15:44:07 +0200 (EET) Received: (from charon@localhost) by hades.hell.gr (8.11.6/8.11.6) id fA8Di8008424; Thu, 8 Nov 2001 15:44:08 +0200 (EET) (envelope-from charon@labs.gr) Date: Thu, 8 Nov 2001 15:44:07 +0200 From: Giorgos Keramidas To: Anthony Atkielski Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Re[2]: Tiny starter configuration for FreeBSD Message-ID: <20011108154407.B2965@hades.hell.gr> References: <15330.6606.417524.41024@guru.mired.org><002b01c1635f$5a5f4300$0a00000a@atkielski.com> <15330.14419.809266.281360@guru.mired.org> <007e01c1636e$97016d10$0a00000a@atkielski.com> <20011108021537.E79276@hades.hell.gr> <002801c1682c$818807b0$0a00000a@atkielski.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <002801c1682c$818807b0$0a00000a@atkielski.com> User-Agent: Mutt/1.3.22.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Nov 08, 2001 at 09:08:08AM +0100, Anthony Atkielski wrote: > Giorgos writes: > > I let people login as normal users on my workstation > > from places like New Zealand, Australia or Canada ... > > Via telnet or SSH? Using SSH. > Is there any danger in allowing telnet login of unprivileged users on a system, > apart from the possibility of compromise of the user's own account? That is, > can one safely set up, say, a guest account and allow telnet login to it without > any danger to the system as a whole from unusual compromises of the telnet > protocol (if any)? I'm sure that allowing users check on system configuration files from remote SSH sessions can be proven to be kind of insecure, in a way or another. If the need for Telnet arises (someone who doesn't have an SSH client on their Windows box), I have set up a jail, and allow them to Telnet in the jail, or I insist on downloading an SSH client. > > ... only one user is in the `wheel' group (and is > > allowed to use su(1) to become root) and > > that is my own personal user account. > > Do you telnet or SSH on your own account? I'm sitting on the console of the only FreeBSD machine I have. No need to use SSH to connect to it. If this was not my workstation, and I had to remotely connect to it though, yes that would be the way. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message