Secure Telnet

jhall at vandaliamo.net
Wed Feb 14 02:33:33 UTC 2007


> jhall at vandaliamo.net wrote:
>> I am working with one of my vendors and they are asking for a secure
>> telnet program on my FreeBSD box.
>>
>
> fbsd06 at mlists.homeunix.com wrote:
>
>  > What's wrong with ssh?
>
> Indeed.  Perhaps you can tell us what client the vendor is using; it
> seems likely that most programs that do "secure telnet" will also talk
> to sshd.  If they're using Windows (most likely) and don't have a
> particular "must use" client, PuTTY is fine, and does SSH and telnet
> pretty well.
>
>> Can anyone recommend a port for the secure telnet program, or a source
>> where I can obtain one?
>>
> Interestingly enough, if you take a look at the Makefile in
> src/libexec/telnetd/ it seems to indicate that FreeBSD's telnetd is
> compiled with SSL support; you might attempt telnet from within the BSD
> box and see if it works, as telnet(1) seems to indicate that data is
> encrypted by default.  Grab packets and see if you can read things like
> passphrases ;-)  [1]
>
>> I was able to make rlogin work (from my laptop), but I was not able to
>> use rlogin from the FreeBSD box since I need to connect to a non-standard
>> port (2002).
>
> Interesting choice of numbers; ssh is port 22.  Are you sure they're not
> open to using ssh?
>
>> As an alternative, is it possible to make the rlogin client
>> connect to a non-standard port?
>>
> I wouldn't think of rlogin as an alternative, and, no, the manpage
> doesn't seem to indicate this.  Also, unless this system isn't publicly
> available (and the need for "secure telnet" from a "vendor" seems to
> indicate that this isn't the case), you shouldn't allow rlogin; once
> again, ssh can do anything rlogin/rsh can, and do it with encryption.
>
> Kevin Kinsey
> DaleCo, S.P.  (Jasper, MO!!! Hi!)
>
> [1] Keep in mind that there **must** be a reason why SSH is preferred
> over telnet, even if telnet supports SSL/Kerberos/TLS/Whatever, and
> encourage the use of ssh from your vendor if possible.
>
> --
> Progress is impossible without change, and those who
> cannot change their minds cannot change anything.
> 		-- George Bernard Shaw
>


Thanks.  I'll see if there is the "preferred method", and ssh is an
alternative.


Jay
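
The "grab packets" check suggested in the quoted reply can be scripted. The sketch below is an added example, not part of the original thread: it parses each direction of a Telnet stream and reports whether the client agreed to and started encryption, and whether a known test passphrase is readable. It assumes the session uses the Telnet ENCRYPT option (RFC 2946) and that the TCP payloads have already been extracted from a capture; the function names, sample byte strings and the passphrase `hunter2` are constructed for illustration.

```python
# Added example; all byte strings below are constructed, not real captures.
IAC, SB, SE = 255, 250, 240
WILL, WONT, DO, DONT = 251, 252, 253, 254
ENCRYPT, ENC_START = 38, 3  # option and START sub-command from RFC 2946

def parse_telnet(stream):
    """Split one direction of a Telnet stream into option negotiations,
    suboptions, cleartext data, and whatever follows ENCRYPT START."""
    negs, subs, data, opaque = [], [], bytearray(), b""
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            data.append(stream[i]); i += 1
        elif i + 1 >= n:
            break                                   # truncated command
        elif stream[i + 1] == IAC:
            data.append(IAC); i += 2                # escaped 0xFF data byte
        elif stream[i + 1] in (WILL, WONT, DO, DONT):
            if i + 2 >= n:
                break
            negs.append((stream[i + 1], stream[i + 2])); i += 3
        elif stream[i + 1] == SB:
            j = i + 2
            while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if stream[j] == IAC else 1   # skip IAC IAC inside SB
            if j + 1 >= n:
                break
            subs.append(stream[i + 2:j]); i = j + 2
            if subs[-1][:2] == bytes([ENCRYPT, ENC_START]):
                opaque = stream[i:]                 # ciphertext from here on
                break
        else:
            i += 2                                  # other two-byte command
    return negs, subs, bytes(data), opaque

def assess(client, server, secret):
    """Did the client agree to and start encryption, and is `secret` readable?"""
    c_negs, c_subs, c_data, c_opaque = parse_telnet(client)
    s_negs = parse_telnet(server)[0]
    return {
        "agreed": (WILL, ENCRYPT) in c_negs and (DO, ENCRYPT) in s_negs,
        "started": any(s[:2] == bytes([ENCRYPT, ENC_START]) for s in c_subs),
        "secret_visible": secret in c_data or secret in c_opaque,
    }

SERVER = bytes([IAC, DO, ENCRYPT]) + b"login: "
PLAIN = bytes([IAC, WONT, ENCRYPT]) + b"jay\r\nhunter2\r\n"
CIPHER = bytes([IAC, WILL, ENCRYPT, IAC, SB, ENCRYPT, ENC_START, 0, IAC, SE]) \
    + bytes.fromhex("9f3c01d7e2885ab46c10f3")
```
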


