Date: Mon, 26 Jun 2000 12:32:00 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: "Jordan K. Hubbard" <jkh@zippy.osd.bsdi.com> Cc: Will Andrews <andrews@technologist.com>, arch@FreeBSD.ORG Subject: Re: Disabling inetd? Message-ID: <Pine.BSF.4.21.0006261227060.95506-100000@freefall.freebsd.org> In-Reply-To: <2962.962038079@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 26 Jun 2000, Jordan K. Hubbard wrote:
> I think it's a fairly evil idea. People expect to be able to telnet
> into a box right after it's installed and they're not always on an
> insecure LAN which makes that a security issue.
On the other hand, I would postulate that a *lot* of people out there are
still using telnet/rlogin because they're lazy and haven't bothered to
install ssh, or don't realise it's bad. IMO, we need to give these people
a gentle kick into doing the right thing. Really, there's no reason why
you can't use ssh all the time even over "trusted" connections.
But there is a legitimate concern about people who *can't* ssh. IMO, the
best solution would be to allow people to simply turn telnetd (and ftpd)
back on in an obvious place in sysinstall.
Maybe I care enough about this to finally overcome my fear of sysinstall
and attempt it: we'll see.
> Even when it is an issue, our telnet supports SRA encryption now.
SRA isn't really a good example since it's not very secure.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0006261227060.95506-100000>