Re: [suse-security] Re: Why Install Telnet by Default?

From: John Summerfield (suseherakles.homelinux.org)
Date: Thu Dec 08 2005 - 19:19:29 CST


Randall R Schulz wrote:
> John,
>
> On Thursday 08 December 2005 16:39, John Summerfield wrote:
>> ...
>>
>>>> I use ssh rather than telnet, rsh, rexec etc because it's more
>>>> convenient. Mostly, I control the wire or go through a vpn I
>>>> control.
>>> That depends, I guess, on how you define convenience. I know of
>>> nothing about configuring or using SSH-based services that is more
>>> convenient than using plain old (non-secure) telnet. (Even if
>>> SSH-based services are taken out of the picture entirely, I still
>>> have to type several passwords many times each day, so keyed access
>>> isn't going to make my life much more convenient.)
>> Using ssh, I can arrange for secure passwordless authentication.
>> That's a great convenience I could never achieve with telnet, though
>> I did sort of fudge it with an expect script.
>
> I'm surprised so many very security-conscious people think that
> passwordless is such a good thing. Now you've made physical access to
> your computer all that is required to gain access to all the other
> hosts for which you've set up passwordless access. What's more, from
> the perspective of the administrators of those systems, it's you who
> has accessed their resources and you'll get the blame, at least
> initially, for any malicious actions.

Physical access involves electronic security (locks and monitored
alarms), mechanical keylocks and having your photo taken while on the
job. Once you have physical access, passwords are moot.

Or detailed knowledge. Our data has little commercial value; if you want
a site to cause mayhem to the internet, there are easier pickings. Half a
dozen unsecured wireless APs where I live for starters.
