From owner-freebsd-arch Mon Jun 26 12:32: 2 2000 Delivered-To: freebsd-arch@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 25D4837BB8F; Mon, 26 Jun 2000 12:32:00 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id MAA97737; Mon, 26 Jun 2000 12:32:00 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Mon, 26 Jun 2000 12:32:00 -0700 (PDT) From: Kris Kennaway To: "Jordan K. Hubbard" Cc: Will Andrews , arch@FreeBSD.ORG Subject: Re: Disabling inetd? In-Reply-To: <2962.962038079@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, 26 Jun 2000, Jordan K. Hubbard wrote: > I think it's a fairly evil idea. People expect to be able to telnet > into a box right after it's installed and they're not always on an > insecure LAN which makes that a security issue. On the other hand, I would postulate that a *lot* of people out there are still using telnet/rlogin because they're lazy and haven't bothered to install ssh, or don't realise it's bad. IMO, we need to give these people a gentle kick into doing the right thing. Really, there's no reason why you can't use ssh all the time even over "trusted" connections. But there is a legitimate concern about people who *can't* ssh. IMO, the best solution would be to allow people to simply turn telnetd (and ftpd) back on in an obvious place in sysinstall. Maybe I care enough about this to finally overcome my fear of sysinstall and attempt it: we'll see. > Even when it is an issue, our telnet supports SRA encryption now. SRA isn't really a good example since it's not very secure. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message