Date:      Tue, 13 Feb 2007 19:14:19 -0600
From:      Kevin Kinsey <kdk@daleco.biz>
To:        jhall@vandaliamo.net
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Secure Telnet
Message-ID:  <45D2626B.4090105@daleco.biz>
In-Reply-To: <1106.12.170.206.13.1171409719.squirrel@admintool.trueband.net>
References:  <1106.12.170.206.13.1171409719.squirrel@admintool.trueband.net>

jhall@vandaliamo.net wrote:
> I am working with one of my vendors and they are asking for a secure
> telnet program on my FreeBSD box.
> 

fbsd06@mlists.homeunix.com wrote:

 > What's wrong with ssh?

Indeed.  Perhaps you can tell us what client the vendor is using; it 
seems likely that most programs that do "secure telnet" will also talk 
to sshd.  If they're using Windows (most likely) and don't have a 
particular "must use" client, PuTTY is fine, and does SSH and telnet 
pretty well.

> Can anyone recommend a port for the secure telnet program, or a source
> where I can obtain one?
> 
Interestingly enough, if you take a look at the Makefile in 
src/libexec/telnetd/ it seems to indicate that FreeBSD's telnetd is 
compiled with SSL support; you might attempt telnet from within the BSD 
box and see if it works, as telnet(1) seems to indicate that data is 
encrypted by default.  Grab packets and see if you can read things like 
passphrases ;-)  [1]

> I was able to make rlogin work (from my laptop), but I was not able to use
> rlogin from the FreeBSD box since I need to connect to a non-standard
> port (2002).  

Interesting choice of numbers; ssh is port 22.  Are you sure they're not 
open to using ssh?

> As an alternative, is it possible to make the rlogin client
> connect to a non-standard port?
> 
I wouldn't think of rlogin as an alternative, and, no, the manpage 
doesn't seem to indicate this.  Also, unless this system isn't publicly 
available (and the need for "secure telnet" from a "vendor" seems to 
indicate that this isn't the case), you shouldn't allow rlogin; once 
again, ssh can do anything rlogin/rsh can, and do it with encryption.

Kevin Kinsey
DaleCo, S.P.  (Jasper, MO!!! Hi!)

[1] Keep in mind that there **must** be a reason why SSH is preferred 
over telnet, even if telnet supports SSL/Kerberos/TLS/Whatever, and 
encourage the use of ssh from your vendor if possible.

-- 
Progress is impossible without change, and those who
cannot change their minds cannot change anything.
		-- George Bernard Shaw
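
One way to carry out the "grab packets and see if you can read things" check from the message above, as an added example that is not part of the original e-mail: it strips telnet commands from the reassembled payload of a captured session and reports whether login prompts and readable text are visible on the wire. The function names and sample streams are constructed for illustration; seeing WILL/DO for the ENCRYPT option only shows the option was enabled, so the readability of the payload is the evidence that counts.

```python
# Added example; command and option numbers are from RFC 854 and RFC 2946.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
ENCRYPT = 38  # telnet ENCRYPT option
VERBS = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}

def split_telnet(stream: bytes):
    """Return (negotiations, data): option verbs seen, and payload with commands stripped."""
    negotiations, data, i, n = [], bytearray(), 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:
            break  # capture ends inside a command
        cmd = stream[i + 1]
        if cmd == IAC:  # escaped literal 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in VERBS:
            if i + 2 >= n:
                break
            negotiations.append((VERBS[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:  # skip subnegotiation up to IAC SE, honouring IAC IAC
            j = i + 2
            while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if stream[j] == IAC else 1
            if j + 1 >= n:
                break
            i = j + 2
        else:
            i += 2  # other two-byte command (NOP, GA, ...)
    return negotiations, bytes(data)

def assess(stream: bytes) -> dict:
    """Heuristic: does the payload of one captured session look like readable text?"""
    neg, data = split_telnet(stream)
    text = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return {
        "encrypt_offered": any(o == ENCRYPT and v in ("WILL", "DO") for v, o in neg),
        "encrypt_refused": any(o == ENCRYPT and v in ("WONT", "DONT") for v, o in neg),
        "prompt_visible": any(p in data.lower() for p in (b"login:", b"password:")),
        "readable": round(text / len(data), 2) if data else 0.0,
    }

# Constructed sample streams (both directions merged), not real captures.
CLEAR = bytes([IAC, DO, ENCRYPT, IAC, WONT, ENCRYPT]) + b"login: demo\r\nPassword: example-pass\r\n"
OPAQUE = bytes([IAC, DO, ENCRYPT, IAC, WILL, ENCRYPT]) + bytes(range(128, 192))
```

Pass `assess()` the raw bytes of a session exported from a packet capture; a visible prompt or a `readable` value near 1.0 means credentials cross the network in the clear.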


