Date:      Sun, 20 Jan 2002 01:07:53 +0100
From:      Alfatrion <alfatrion@cybertron.tmfweb.nl>
To:        "Joe & Fhe Barbish" <barbish@a1poweruser.com>
Cc:        "FBSD Questions" <questions@FreeBSD.ORG>
Subject:   Re[2]: telnet/ftp security
Message-ID:  <12947636497.20020120010753@cybertron.tmfweb.nl>
In-Reply-To: <LPBBIGIAAKKEOEJOLEGOGEBJCNAA.barbish@a1poweruser.com>
References:  <LPBBIGIAAKKEOEJOLEGOGEBJCNAA.barbish@a1poweruser.com>

Hello Joe,

Saturday, January 19, 2002, 8:48:07 PM, you wrote:

Resorted due to topposting....

JFB>> I have telnet & FTP ID/PW access to my FBSD gateway/ipfw
JFB>> box from the internet. Are there any security holes in
JFB>> these two applications that would allow breaking into my system?

JFB> The biggest security hole in those applications is the lack of
JFB> security. Both applications send the usernames, passwords and the data
JFB> unencrypted. All one has to do is sniff the usernames and passwords to
JFB> gain access to the system. SSH(v2) and sftp are the equivalent
JFB> encrypted versions. (A lot of other protocols are unsafe too, like pop3,
JFB> smtp, etc.)

JFB> I have my machine set up so that it can not be reached from the
JFB> internet with telnet, but did leave other protocols untouched. To
JFB> compromise for this I installed the use of one-time-use passwords, for
JFB> certain users. You can check 'man skey' for this.

JFB> I only access the FBSD/gateway/ipfw box from ms/windows
JFB> machines. You implied the SSH(v2) and sftp are the 
JFB> equivalent encrypted versions of telnet & ftp. 
JFB> Are these windows clients, and if so where do I get 
JFB> them from?

Yes, No - well, they are protocols. Since I don't use sftp, I can only
tell you where to get an ssh client (there are unix versions too). Putty
is a free client for windows.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Once installed, you have to search to change the default setting so you
use SSH version 2, unless you have reasons to do otherwise.

You also need to enable the SSH server on your server (same with
telnet). There is no big reason not to use / enable telnet, if you use it
on the intranet. (You wanna close it for the outside with a firewall.)

JFB> I read the man skey and its associated other commands'
JFB> man pages. As usual these man pages lack any how-to
JFB> setup and use info.
JFB> Is there any how-to-use info you can point me to?

I made my example out of the book FreeBSD Unleashed. Basically what you
need to do is make your own rule set and put these in /etc/skey.access
(this will also enable it) and then create your one-time-only with
keyinit.

So if you have the book, read this. If you wanna buy a book, consider
it; it's easy to read and covers a lot of topics. But the main things you
wanna read are 'man skey', 'man 5 skey.access' and 'man 1 keyinit'.

-- 
Best regards,
 Alfatrion                            mailto:alfatrion@cybertron.tmfweb.nl
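
Why the one-time passwords discussed in this thread hold up even when a telnet or FTP login is sniffed, as an added sketch that is not part of the original message and is not the skey/keyinit code. Assumptions: SHA-256 truncated to 64 bits stands in for the folded MD4/MD5 that S/Key uses, and the names step, chain, Server and demo, like the seed and passphrase, are constructed for illustration.

```python
import hashlib

def step(value: bytes) -> bytes:
    """One application of the one-way function, 64-bit output.
    Assumption: truncated SHA-256 stands in for S/Key's folded MD4/MD5."""
    return hashlib.sha256(value).digest()[:8]

def chain(seed: str, passphrase: str, count: int) -> bytes:
    """Apply step() `count` times to seed + passphrase (client side)."""
    value = (seed + passphrase).encode()
    for _ in range(count):
        value = step(value)
    return value

class Server:
    """Stores only the last accepted one-time password, never the passphrase."""
    def __init__(self, seed: str, stored: bytes, sequence: int):
        self.seed, self.stored, self.sequence = seed, stored, sequence

    def challenge(self):
        # The client must answer with the chain value one step before `stored`.
        return self.sequence - 1, self.seed

    def login(self, response: bytes) -> bool:
        if self.sequence <= 1:
            return False            # chain used up: the user must re-initialize
        if step(response) != self.stored:
            return False            # wrong value, or a replayed old one
        self.stored = response      # the next login needs the previous link
        self.sequence -= 1
        return True

def demo():
    seed, passphrase = "fb12345", "constructed sample passphrase"
    # Initialization: the server is handed chain value number 100.
    server = Server(seed, chain(seed, passphrase, 100), 100)
    n, s = server.challenge()
    otp = chain(s, passphrase, n)   # this value crosses the wire in cleartext
    first = server.login(otp)
    replay = server.login(otp)      # a sniffer re-sending the captured value
    n2, s2 = server.challenge()
    second = server.login(chain(s2, passphrase, n2))
    return first, replay, second

if __name__ == "__main__":
    print(demo())
```

A captured response is useless for the next login because producing the required earlier chain value means inverting the hash; the session data itself is still sent unencrypted.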

