From: jhall@vandaliamo.net
To: "Kevin Kinsey"
Cc: jhall@vandaliamo.net, freebsd-questions@freebsd.org
Date: Wed, 14 Feb 2007 02:33:31 -0000 (GMT)
Subject: Re: Secure Telnet
Message-ID: <1507.12.170.206.13.1171420411.squirrel@admintool.trueband.net>
In-Reply-To: <45D2626B.4090105@daleco.biz>

> jhall@vandaliamo.net wrote:
>> I am working with one of my vendors and they are asking for a secure
>> telnet program on my FreeBSD box.
>>
>
> fbsd06@mlists.homeunix.com wrote:
>
> > What's wrong with ssh?
>
> Indeed.  Perhaps you can tell us what client the vendor is using; it
> seems likely that most programs that do "secure telnet" will also talk
> to sshd.  If they're using Windows (most likely) and don't have a
> particular "must use" client, PuTTY is fine, and does SSH and telnet
> pretty well.
>
>> Can anyone recommend a port for the secure telnet program, or a source
>> where I can obtain one?
>>
> Interestingly enough, if you take a look at the Makefile in
> src/libexec/telnetd/ it seems to indicate that FreeBSD's telnetd is
> compiled with SSL support; you might attempt telnet from within the BSD
> box and see if it works, as telnet(1) seems to indicate that data is
> encrypted by default.  Grab packets and see if you can read things like
> passphrases ;-) [1]
>
>> I was able to make rlogin work (from my laptop), but I was not able to
>> use rlogin from the FreeBSD box since I need to connect to a
>> non-standard port (2002).
>
> Interesting choice of numbers; ssh is port 22.  Are you sure they're not
> open to using ssh?
>
>> As an alternative, is it possible to make the rlogin client
>> connect to a non-standard port?
>>
> I wouldn't think of rlogin as an alternative, and, no, the manpage
> doesn't seem to indicate this.  Also, unless this system isn't publicly
> available (and the need for "secure telnet" from a "vendor" seems to
> indicate that this isn't the case), you shouldn't allow rlogin; once
> again, ssh can do anything rlogin/rsh can, and do it with encryption.
>
> Kevin Kinsey
> DaleCo, S.P. (Jasper, MO!!! Hi!)
>
> [1] Keep in mind that there **must** be a reason why SSH is preferred
> over telnet, even if telnet supports SSL/Kerberos/TLS/Whatever, and
> encourage the use of ssh from your vendor if possible.
>
> --
> Progress is impossible without change, and those who
> cannot change their minds cannot change anything.
> -- George Bernard Shaw
>

Thanks.  I'll see if there is the "preferred method", and ssh is an
alternative.

Jay
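
Added example (not part of the original message): the "grab packets" check suggested in the quoted reply, done offline on the reassembled TCP payload of each direction of a telnet session you captured yourself. The function names, the sample bytes and the "password" prompt match are assumptions made for this example; option codes 37, 38 and 46 are the IANA-registered AUTHENTICATION, ENCRYPT and START_TLS telnet options.

```python
# Telnet command bytes from RFC 854
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
# Security-related option codes from the IANA telnet options registry
SECURE_OPTS = {37: "AUTHENTICATION", 38: "ENCRYPT", 46: "START_TLS"}

def parse_stream(data):
    """Split one direction of a telnet byte stream into (negotiations, user data)."""
    negs, plain, i = [], bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            plain.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            break                        # truncated capture
        cmd = data[i + 1]
        if cmd == IAC:                   # IAC IAC is an escaped literal 0xFF
            plain.append(IAC)
            i += 2
        elif cmd in (DO, DONT, WILL, WONT):
            if i + 2 >= len(data):
                break
            negs.append((cmd, data[i + 2]))
            i += 3
        elif cmd == SB:                  # skip subnegotiation up to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:
            i += 2                       # other two-byte commands (NOP, GA, ...)
    return negs, bytes(plain)

def assess(client, server):
    """Return (security options both sides agreed on, password prompt readable?)."""
    c_negs, _ = parse_stream(client)
    s_negs, s_data = parse_stream(server)
    agreed = [name for opt, name in sorted(SECURE_OPTS.items())
              if ((WILL, opt) in c_negs and (DO, opt) in s_negs)
              or ((WILL, opt) in s_negs and (DO, opt) in c_negs)]
    return agreed, b"password" in s_data.lower()

# Constructed sample payloads (not from a real capture)
SERVER = bytes([IAC, DO, 38]) + b"login: Password: "
CLIENT = bytes([IAC, WONT, 38]) + b"jay\r\nexample-passphrase\r\n"

if __name__ == "__main__":
    print(assess(CLIENT, SERVER))
```

An agreed option only shows what was negotiated; a prompt or passphrase that is still readable in the payload is the decisive sign that the session is in cleartext.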