From owner-freebsd-hackers Wed Mar 1 19:16:19 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id TAA12595 for hackers-outgoing; Wed, 1 Mar 1995 19:16:19 -0800
Received: from bunyip.cc.uq.oz.au (bunyip.cc.uq.oz.au [130.102.2.1]) by freefall.cdrom.com (8.6.9/8.6.6) with SMTP id TAA12583 for ; Wed, 1 Mar 1995 19:16:16 -0800
Received: from wcs.uq.edu.au (actually juno.wcs.uq.edu.au) by bunyip.cc.uq.oz.au with SMTP (PP); Thu, 2 Mar 1995 13:15:49 +1000
Received: by wcs.uq.edu.au (4.1/SMI-4.1) id AA20808; Thu, 2 Mar 95 13:15:34 EST
From: Gary Roberts
Message-Id: <9503020315.AA20808@wcs.uq.edu.au>
Subject: Re: key exchange for rlogin/telnet services?
To: mark@grondar.za (Mark Murray)
Date: Thu, 2 Mar 1995 13:15:34 +1000 (EST)
Cc: hackers@FreeBSD.org
In-Reply-To: <199503011535.RAA12611@grunt.grondar.za> from "Mark Murray" at Mar 1, 95 05:35:19 pm
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1373
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

Mark Murray writes:
>
> > For non-US readers, there are sources of encrypting telnet on ftp.funet.fi
> > in /pub/unix/security/telnet/
>
> It is in the non-US secure dist available in
> ftp://skeleton.mikom.csir.co.za/pub/FreeBSD/FreeBSD-current/

I've followed this thread right from Jordan's original query about encrypting the whole session. Some responses have suggested that you only need to encrypt the password passing stage. Jordan was worried about the password being sniffed during an `su' if I recall correctly.

If you are linking to a remote server from a single user box (ie you and root are the only entries with shells in the password file) with tcp wrappers applied at both ends and the server machine having a very restricted user base as well (five very trusted users), is it safe to use the `hosts.equiv' mechanism to allow rlogins without passwords?

My (possibly naive) reasoning is that if you are not passing a password then it can't be sniffed. I guess I won't be surprised to see someone highlighting other dangers that this approach causes but as I don't understand the subtleties of security issues, I thought I'd ask and see what howls of despair are unleashed :->.

Cheers,
--
Gary Roberts (gary@wcs.uq.edu.au) (Ph +617 844 0400 Fax +617 844 0444)
4th Floor, South Bank House, 234 Grey St, South Bank QLD 4101 Australia.