RE: Permit root login for telnet..


 



I have found instances where a program is written to send scripts back &
forth through the terminal, but can't do the encryption itself.

For instance, if you were only using it to run a set-up script on a
brand new computer, you'd do a minimal install (or use a boot disk), and
then have a little program telnet in & choose appropriate packages for
the machine based on certain characteristics.

I used to do this all the time in the DOS/Windows world - a machine got
a custom load, depending on what it needed.  It logged in as a user that
had only read privileges on the server, so if somebody did manage to
sniff it (while I was alone in the labs), no damage could be done other
than downloading tarballs.

I did this all in clear-text passwords over telnet & ftp.  Of course, I
usually only did it late at night or early in the morning when no one
was in the labs (and I had keys to the doors).

Doing this simplified life for me greatly.  After a while, we figured
out how to do this every night, to ensure we wiped out virii & so forth
that (l)users had gotten onto the machines & so forth - basically
reformatting every drive every night and reinstalling the complete
loadset.  We could reload 100 computers in the course of about 2 hours.

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of
A.Fadyushin@xxxxxxxxxxxx
Sent: Tuesday, August 29, 2006 10:51 AM
To: redhat-list@xxxxxxxxxx
Subject: RE: Permit root login for telnet..

Actually, the situation is slightly better because the user would need
some privileges to run a sniffer (at least in Linux). So, if nobody
could attach his own computer directly to the network where the
passwords are (or potentially could be, for example due to routing
changes) sent and all users with the appropriate privileges on already
attached computers are trusted (for example, they already know the
passwords of the users who will use telnet) there should be no problem
as long as these conditions exist. However, most probably, these
conditions would not be fulfilled in reality and the passwords sent via
telnet would be compromised.
It is much better to use SSH because it will send all information
(including passwords) in encrypted form only. Every task which can be
done with telnet can be done with SSH also.

Alexey Fadyushin
Brainbench MVP for Linux.
http://www.brainbench.com

> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Burke, Thomas G.
> Sent: Friday, August 25, 2006 11:02 PM
> To: General Red Hat Linux discussion list
> Subject: RE: Permit root login for telnet..
> 
>  Shekhar,
> 
> 	I don't remember how to turn on telnet.
> 
> 	That said, *ANY* computer that can access the network this server is
> on can be used to sniff a clear-text password sent through telnet.  I
> understand that in your specific case, this may be OK, but are you
> absolutely sure that *every* employee accessing one of these computers
> can be trusted not to set up a sniffer?  And any future employees?
> There is no point in having a server if no one's computer can access it.
> 
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Shekhar Dhotre
> Sent: Friday, August 25, 2006 2:53 PM
> To: General Red Hat Linux discussion list
> Subject: RE: Permit root login for telnet..
> 
> Bank of China - Shanghai .
> 
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steve Rieger
> Sent: Friday, August 25, 2006 1:15 PM
> To: General Red Hat Linux discussion list
> Cc: Bliss, Aaron
> Subject: Re: Permit root login for telnet..
> 
> i would like to know what bank you work for, am gonna make sure to close
> any account i have there.
> 
> 
> 
> sorry for the top post.
> 
> 
> Shekhar Dhotre wrote:
> > OK , no one has access to network room here than Coms guys . Even I 
> > cannot go in as I am in Unix/Storages group. Our comm. guys are not 
> > interested in checking our passwords.
> >
> > Also they have access to most of the prod switches, so they are trusted
> > by the business. Again not a risk .
> >
> > -----Original Message-----
> > From: Bliss, Aaron [mailto:ABliss@xxxxxxxxxxxxxxxxx]
> > Sent: Friday, August 25, 2006 9:44 AM
> > To: Shekhar Dhotre; General Red Hat Linux discussion list
> > Subject: RE: Permit root login for telnet..
> >
> > Sure, just turn on ethereal, plug into the span port on the switch.
> > Very straightforward; there are even software based packet sniffers
> > that can sniff past switches.
> >
> > Aaron
> >
> > -----Original Message-----
> > From: Shekhar Dhotre [mailto:sdhotre@xxxxxxxxxxxx]
> > Sent: Friday, August 25, 2006 9:25 AM
> > To: Bliss, Aaron; General Red Hat Linux discussion list
> > Subject: RE: Permit root login for telnet..
> >
> > Again that's all good . But, can you tell me how to see password of 
> > other sysadmin if he is accessing system via telnet?
> >
> > -----Original Message-----
> > From: Bliss, Aaron [mailto:ABliss@xxxxxxxxxxxxxxxxx]
> > Sent: Friday, August 25, 2006 9:22 AM
> > To: Bliss, Aaron; Shekhar Dhotre; General Red Hat Linux discussion list
> > Subject: RE: Permit root login for telnet..
> >
> > Telnet is also vulnerable to man in the middle attacks and ssh offers
> > post authentication; telnet does not.
> >
> > Aaron
> >
> > -----Original Message-----
> > From: redhat-list-bounces@xxxxxxxxxx 
> > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Bliss, Aaron
> > Sent: Friday, August 25, 2006 9:13 AM
> > To: Shekhar Dhotre; General Red Hat Linux discussion list
> > Subject: RE: Permit root login for telnet..
> >
> > Telnet is a clear text protocol; ssh isn't.
> >
> > -----Original Message-----
> > From: redhat-list-bounces@xxxxxxxxxx 
> > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Shekhar Dhotre
> > Sent: Friday, August 25, 2006 9:11 AM
> > To: General Red Hat Linux discussion list
> > Subject: RE: Permit root login for telnet..
> >
> > I have used telnet before ssh came in to the market . Do you know how to
> > hack telnet ? or break a root password without having physical access to
> > the system ? most likely the answer will be - NO .. so what's the big
> > deal in ssh vs. telnet ?
> >
> > -----Original Message-----
> > From: redhat-list-bounces@xxxxxxxxxx 
> > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Greg Golin
> > Sent: Friday, August 25, 2006 2:12 AM
> > To: General Red Hat Linux discussion list
> > Subject: Re: Permit root login for telnet..
> >
> > Dear Arun,
> >
> > You do NOT want to enable root login via telnet - trust me on this 
> > one. Please tell the list what you are trying to accomplish - 99.9% 
> > chance is that whatever you are trying to do can, and should be done
> > via ssh.
> >
> > Kind Regards,
> > Gregory Golin
> > Systems Admin
> >
> > On 8/24/06, Arun Williams <perks_williams@xxxxxxxxxxx> wrote:
> >
> >> How can i enable root login for telnet....
> >>
> >>   I tried editing /etc/pam.d/login .... but no use
> >>
> >>
> >> ____________________________
> >> Regards
> >> A.Williams
> >> IN THIS WORLD FULL OF DREAMS AND IMAGINATION, LOOK FOR POSSIBILITIES...
> >
> >>
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
> >>
> >
> >
> 
> 
> --
> --
> eats the blues for breakfast,
> does unix for rent,
> plays harp for food,
> will play the flute for kicks
> rides for the freedom
> scrapes for the challenge
> 

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
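
Added example, not part of the thread: a shell audit for the configuration under discussion, root login over telnet on a Red Hat-style host. It assumes telnet is started by xinetd from a per-service file and that root's terminals are limited by pam_securetty and a securetty file; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does this host allow root login over telnet?
# Point the check at the host's files or at copies of them.

active() { sed 's/#.*//' "$1" 2>/dev/null; }   # file contents with comments removed

# xinetd starts a service unless its file says "disable = yes".
telnet_enabled() {
    [ -r "$1" ] || return 1
    ! active "$1" |
        grep -Eiq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes[[:space:]]*$'
}

# Root's terminals are only restricted if pam_securetty is on an active auth line.
pam_enforces_securetty() {
    active "$1" | grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so'
}

# Telnet sessions arrive on pts/N, so a pts entry admits root over the network.
securetty_allows_pts() {
    active "$1" | grep -Eq '^[[:space:]]*pts/[0-9]+[[:space:]]*$'
}

# Usage: root_telnet_exposure XINETD_FILE SECURETTY_FILE PAM_LOGIN_FILE
# Returns 0 = telnet off, 1 = telnet on but root blocked, 2 = root over telnet.
root_telnet_exposure() {
    telnet_enabled "$1" || { echo "OK: telnet disabled or absent"; return 0; }
    pam_enforces_securetty "$3" ||
        { echo "FAIL: telnet on, pam_securetty not active in $3"; return 2; }
    if securetty_allows_pts "$2"; then
        echo "FAIL: telnet on, pts entries listed in $2"; return 2
    fi
    echo "WARN: telnet on; root blocked, user passwords still sent in clear text"
    return 1
}

# Constructed sample host: telnet enabled and pts/0 added to securetty.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'service telnet\n{\n\tdisable = no\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$demo/telnet"
printf 'console\ntty1\npts/0\n' > "$demo/securetty"
printf 'auth required pam_securetty.so\nauth include system-auth\n' > "$demo/login"
root_telnet_exposure "$demo/telnet" "$demo/securetty" "$demo/login" ||
    echo "(exit status $?)"
```

On a real host the three arguments would normally be /etc/xinetd.d/telnet, /etc/securetty and /etc/pam.d/login.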
