OSEC

From: Buchan Milne (bgmilnecae.co.za)
Date: Fri Jan 18 2002 - 06:08:51 CST


    The thing is that maybe I want to provide the solution to his real
    problem, rather than the question he has posted. Maybe what he means is:
    "I want to be able to easily log into my machine remotely and perform
    routine administration tasks, without having to enter my password too
    often".

    See below ...

    Tzafrir Cohen wrote:

    > On Thu, 17 Jan 2002, Buchan Milne wrote:
    >
    >
    >>I don't know how many of you guys on this list answer questions on
    >>MandrakeExpert, but I do on occasion. Sometimes I get questions that I
    >>don't feel comfortable answering correctly.
    >>
    >>For example, I answered someone who wanted to enable the telnet server
    >>with a standard "Use ssh" reply (AFAIK there is no reason one would need
    >>a telnet server, telnet client I can understand: some network devices
    >>need configuration via telnet). The user figured telnet out himself
    >>(after I explained the basics of getting ssh running, and pointing him
    >>to some docs on ssh with keys).
    >>
    >
    > Think of a home network, without any wireless devices. Physical security
    > is generally assumed (If someone can break into your house to install
    > tapping, he might just as well install a camera to record your keyboard
    > typing).
    >
    > Furthermore, every Windows machine comes with a telnet client. Not every
    > such machine comes with an ssh client.

    In my first reply, I gave him URLs for putty and ssh (cygwin)

    >
    > And ssh is a protocol that is a bit more complex than telnet, and consumes
    > more CPU.
    >
    >
    >>He then asked how to make it possible for root to log in directly
    >>without needing to log in as a user first.
    >>
    >
    > It is a simpler procedure. You want to make it more difficult: choose a
    > complicated root password. If you mostly need to work on the machine as
    > root (I'm not sure if such a situation exists) then there is no point in a
    > more complicated procedure.
    >

    Protecting a clear-text password by making it longer. How does that help?

    >
    >>So this time, I answered that if he really wanted an insecure box, he
    >>should install redhat 6.2 or so, which would set up all that for him by
    >>default, rather than wasting all the work of packagers and developers
    >>trying to improve security.
    >>
    >
    > You think of a normal usage scenario. Sure, Mandrake is configured better
    > now by default than it was a year ago, but my system is mine to modify to
    > fit my needs.

    But there are better ways than enabling root telnet. How about
    generating an ssh key, putting the public key on the server, using
    ssh-agent and ssh-add. If he's running windows, use putty or ssh (having
    set HOME to a good place where he can store his keys), then using sudo.
    More secure, even less effort than telnet.

    >
    > Sure I don't allow root logins through ssh. Sure, I don't keep telnet
    > working in my home computer. But on my local server I have enabled finger
    > even if it is not on by default. In some cases I am more strict (I disable
    > SUID bit of ssh, for instance). Linux is free software.
    >
    > If someone asks you how to shoot himself in the leg, you should warn him
    > that it will hurt, but you can't hide the gun, because it's his gun, and
    > he has every right to pull the trigger.

    Maybe he just wants to make a hole in his shoe, in which case it might
    be better to tell him to use an electric drill (after removing his foot
    from the shoe of course).

    >
    > (For those who don't know this: public.logica.com/~stepneys/joke/foot.htm )
    >
    >

    -- 
    |----------------Registered Linux User #182071-----------------|
    Buchan Milne                Mechanical Engineer, Network Manager
    Cellphone * Work       +27 82 472 2231 * +27 21 808 2497 ext 202
    Stellenbosch Automotive Engineering         http://www.cae.co.za
    

    For help, email discuss-helpmandrakesecure.net; to unsubscribe send a message to discuss-unsubscribemandrakesecure.net. To visit MandrakeSecure, go to http://www.mandrakesecure.net/.
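
Added example, not part of the original message or the list archive: a small check of an `sshd_config` against the setup the reply recommends (key-based login as a normal user with ssh-agent, then sudo, instead of direct root password logins). The function names `effective_value` and `audit_sshd` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check an sshd_config for the setup
# suggested above: key login as a normal user, then sudo, no root login.

# effective_value FILE KEYWORD -> first global value of KEYWORD, or "unset".
# sshd uses the first occurrence of a keyword and ignores keyword case.
# Parsing stops at the first Match block because those settings are conditional.
effective_value() {
    awk -v key="$2" '
        BEGIN { want = tolower(key); val = "unset" }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want && val == "unset" { val = tolower($2) }
        END { print val }
    ' "$1"
}

# audit_sshd FILE -> one finding per line; returns 1 if any check fails.
# Assumption of this example: an unset PermitRootLogin or PasswordAuthentication
# is flagged, so the choice is stated explicitly, not left to a version default.
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    pubkey=$(effective_value "$1" PubkeyAuthentication)
    case "$root" in
        no) echo "OK   PermitRootLogin no" ;;
        *)  echo "FAIL PermitRootLogin $root (log in as a user, then sudo)"; rc=1 ;;
    esac
    case "$pass" in
        no) echo "OK   PasswordAuthentication no" ;;
        *)  echo "FAIL PasswordAuthentication $pass (use keys with ssh-agent)"; rc=1 ;;
    esac
    case "$pubkey" in
        no) echo "FAIL PubkeyAuthentication no (key login is disabled)"; rc=1 ;;
        *)  echo "OK   PubkeyAuthentication $pubkey" ;;
    esac
    return "$rc"
}

# Constructed sample config, not taken from the original post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
permitrootlogin no
PasswordAuthentication yes
EOF
audit_sshd "$sample" || echo "=> harden this config before exposing sshd"
rm -f "$sample"
```

The sample shows why the first occurrence matters: the later `permitrootlogin no` line does not override the earlier `PermitRootLogin yes`.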