Date: Wed, 14 Feb 2007 02:33:31 -0000 (GMT)
From: jhall@vandaliamo.net
To: "Kevin Kinsey" <kdk@daleco.biz>
Cc: jhall@vandaliamo.net, freebsd-questions@freebsd.org
Subject: Re: Secure Telnet
Message-ID: <1507.12.170.206.13.1171420411.squirrel@admintool.trueband.net>
In-Reply-To: <45D2626B.4090105@daleco.biz>
References: <1106.12.170.206.13.1171409719.squirrel@admintool.trueband.net> <45D2626B.4090105@daleco.biz>
> jhall@vandaliamo.net wrote:
>> I am working with one of my vendors and they are asking for a secure
>> telnet program on my FreeBSD box.
>>
>
> fbsd06@mlists.homeunix.com wrote:
>
> > What's wrong with ssh?
>
> Indeed.  Perhaps you can tell us what client the vendor is using; it
> seems likely that most programs that do "secure telnet" will also talk
> to sshd.  If they're using Windows (most likely) and don't have a
> particular "must use" client, PuTTY is fine, and does SSH and telnet
> pretty well.
>
>> Can anyone recommend a port for the secure telnet program, or a source
>> where I can obtain one?
>>
> Interestingly enough, if you take a look at the Makefile in
> src/libexec/telnetd/ it seems to indicate that FreeBSD's telnetd is
> compiled with SSL support; you might attempt telnet from within the BSD
> box and see if it works, as telnet(1) seems to indicate that data is
> encrypted by default.  Grab packets and see if you can read things like
> passphrases ;-) [1]
>
>> I was able to make rlogin work (from my laptop), but I was not able to
>> use rlogin from the FreeBSD box since I need to connect to a
>> non-standard port (2002).
>
> Interesting choice of numbers; ssh is port 22.  Are you sure they're not
> open to using ssh?
>
>> As an alternative, is it possible to make the rlogin client
>> connect to a non-standard port?
>>
> I wouldn't think of rlogin as an alternative, and, no, the manpage
> doesn't seem to indicate this.  Also, unless this system isn't publicly
> available (and the need for "secure telnet" from a "vendor" seems to
> indicate that this isn't the case), you shouldn't allow rlogin; once
> again, ssh can do anything rlogin/rsh can, and do it with encryption.
>
> Kevin Kinsey
> DaleCo, S.P. (Jasper, MO!!! Hi!)
>
> [1] Keep in mind that there **must** be a reason why SSH is preferred
> over telnet, even if telnet supports SSL/Kerberos/TLS/Whatever, and
> encourage the use of ssh from your vendor if possible.
>
> --
> Progress is impossible without change, and those who
> cannot change their minds cannot change anything.
>        -- George Bernard Shaw
>

Thanks.  I'll see if there is the "preferred method", and ssh is an
alternative.

Jay
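
The check suggested in the thread (grab packets and see what is readable) can be partly automated. The following is an added example, not part of the original messages: it classifies the first payload bytes of a captured TCP stream as SSH, TLS or telnet, and checks whether a telnet session agreed on the ENCRYPT option at all. Function names and sample byte strings are constructed for illustration.

```python
# Telnet command bytes (RFC 854) and the ENCRYPT option number (RFC 2946).
IAC, SB, SE = 255, 250, 240
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
ENCRYPT = 38


def classify(first_bytes: bytes) -> str:
    """Guess the protocol from the first payload bytes of a TCP stream."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"                  # RFC 4253 identification string
    if first_bytes[:2] == b"\x16\x03":
        return "tls"                  # TLS handshake record header
    if len(first_bytes) >= 3 and first_bytes[0] == IAC and first_bytes[1] in VERBS:
        return "telnet"               # option negotiation, sent in the clear
    return "unknown"


def telnet_options(stream: bytes) -> set:
    """Return {(verb, option)} for each IAC WILL/WONT/DO/DONT in one direction."""
    seen, i = set(), 0
    while i < len(stream) - 1:
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] in VERBS and i + 2 < len(stream):
            seen.add((VERBS[stream[i + 1]], stream[i + 2]))
            i += 3
        elif stream[i + 1] == SB:     # skip subnegotiation up to IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            i = len(stream) if end < 0 else end + 2
        else:
            i += 2                    # IAC IAC (escaped 0xFF) or other command
    return seen


def encrypt_option_agreed(client: bytes, server: bytes) -> bool:
    """True if one side sent WILL ENCRYPT and the peer answered DO ENCRYPT.
    Necessary, not sufficient: encryption starts only after the ENCRYPT
    subnegotiation, so the payload after this point still needs checking."""
    c, s = telnet_options(client), telnet_options(server)
    return ((("WILL", ENCRYPT) in c and ("DO", ENCRYPT) in s)
            or (("WILL", ENCRYPT) in s and ("DO", ENCRYPT) in c))


# Constructed sample captures (not taken from any real session).
SSH_BANNER = b"SSH-2.0-OpenSSH_4.5\r\n"
PLAIN_SERVER = bytes([IAC, 253, 24, IAC, 251, 1]) + b"login: "
PLAIN_CLIENT = bytes([IAC, 251, 24, IAC, 253, 1]) + b"user\r\n"
ENC_SERVER = bytes([IAC, 253, ENCRYPT, IAC, 251, ENCRYPT])
ENC_CLIENT = bytes([IAC, 251, ENCRYPT, IAC, 253, ENCRYPT])
```

A stream classified as telnet with no ENCRYPT agreement carries the login prompt and everything typed after it in readable form, which is the case the footnote in the quoted reply warns about.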