Date: Mon, 9 Oct 2000 00:55:54 -0700 (PDT)
From: Matt Dillon
Message-Id: <200010090755.e997tsb02934@earth.backplane.com>
To: Jordan Hubbard
Cc: Warner Losh, Jeroen Ruigrok van der Werven, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc inetd.conf
References: <521.971068411@winston.osd.bsdi.com>

:
:> We're kinda in a 'changing of the guard' situation in regards to
:> telnet, rsh, rcp, rlogin, versus ssh. And we have been for about a
:> year. The only thing holding the process up has been the patent issue
:> and that is now gone.
:
:I have to disagree on telnet, as much as I happen to also dislike telnet.
:
:Picture the following scenario: You're working at a data center
:setting up a dozen boxes in a rack and they are not as of yet on any
:public network, they're simply hooked to a hub/switch and can talk to
:one another and the windows laptop you have with you (since all the
:really colorful network sniff/trace software works under windows).
:You'd like to sit in the corner and use the laptop to log into each
:box to further configure it, and let's further say that your laptop
:just got Windows last week and is a pretty stock install.
:
:In the sterner new world you're describing, a whole bunch of extra
:work is now required to go find another network at that data center
:which talks to the outside so that something like putty can be
:located, downloaded and installed onto the Windows laptop so that it
:can talk to these boxes by default at all. Either that or you need to
:physically get to each box and turn telnetd back on again before you
:can log in. It seems like it's making things more complex than they
:need to be for an out-of-box configuration. If Windows and Macintosh
:boxes supported ssh clients out of the box, perhaps I'd feel
:differently.
:
:- Jordan

I'm trying to imagine someone setting up a bunch of UNIX boxes in a
rack using a windows laptop rather than a unix laptop... and failing.

Normally I assume that my network is insecure, even if there are only
UNIX boxes on it all under my control. Nobody in their right mind
assumes a LAN with windows boxes on it to be even close to secure, so
running telnet from a windows box to configure a bunch of UNIX machines
makes even less sense than using the windows box (laptop) in the first
place instead of a UNIX laptop.

And also, in order to make telnet operate out of the box you have to
set up a password anyway. Anyone booting a UNIX box with enough
self-configuration to set up a password to telnet into can just as
easily generate self-configuration to set up public and host keys and
run sshd... and it's a hellofalot more secure. I think we'd be saving
sysops from themselves by making them consider something other than
telnet!

I have not personally used telnet in at least four years - not now,
not at home, not at BEST.

-Matt
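The thread is about which cleartext login services src/etc/inetd.conf should leave enabled by default. The following is an added example, not part of the original message or of FreeBSD's own tooling: a small audit that reports which of those services are still uncommented in an inetd.conf-format file. The function name `cleartext_enabled` and the sample file are constructed for illustration; the service names are the standard inetd ones (`telnet`, `shell` for rshd, which serves rsh and rcp, and `login` for rlogind).

```shell
#!/bin/sh
# Added example: report inetd.conf entries that are still enabled for the
# cleartext login services named in the thread (telnet, rsh/rcp, rlogin).

cleartext_enabled() {
    # $1: path to a file in inetd.conf format:
    #   service socket-type protocol wait/nowait user server-program args...
    awk '
        /^[ \t]*#/ { next }   # commented-out entry, i.e. disabled
        NF < 6     { next }   # blank or incomplete line
        $1 == "telnet" || $1 == "shell" || $1 == "login" {
            # service/protocol and the daemon that would be started
            printf "%s/%s -> %s\n", $1, $3, $6
        }
    ' "$1"
}

# Constructed sample input (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed inetd.conf sample
#ftp    stream  tcp  nowait  root  /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root  /usr/libexec/telnetd  telnetd
#shell  stream  tcp  nowait  root  /usr/libexec/rshd     rshd
login   stream  tcp  nowait  root  /usr/libexec/rlogind  rlogind
EOF

findings=$(cleartext_enabled "$sample")
rm -f "$sample"

if [ -n "$findings" ]; then
    echo "cleartext login services still enabled:"
    echo "$findings"
fi
```

Pointed at a host's real /etc/inetd.conf, an empty result means none of the three services is offered through inetd; it says nothing about daemons started outside inetd.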