Date: Thu, 8 Nov 2001 15:44:07 +0200 From: Giorgos Keramidas <charon@labs.gr> To: Anthony Atkielski <anthony@atkielski.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Re[2]: Tiny starter configuration for FreeBSD Message-ID: <20011108154407.B2965@hades.hell.gr> In-Reply-To: <002801c1682c$818807b0$0a00000a@atkielski.com> References: <15330.6606.417524.41024@guru.mired.org><002b01c1635f$5a5f4300$0a00000a@atkielski.com> <15330.14419.809266.281360@guru.mired.org> <007e01c1636e$97016d10$0a00000a@atkielski.com> <20011108021537.E79276@hades.hell.gr> <002801c1682c$818807b0$0a00000a@atkielski.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 08, 2001 at 09:08:08AM +0100, Anthony Atkielski wrote: > Giorgos writes: > > I let people login as normal users on my workstation > > from places like New Zealand, Australia or Canada ... > > Via telnet or SSH? Using SSH. > Is there any danger in allowing telnet login of unprivileged users on a system, > apart from the possibility of compromise of the user's own account? That is, > can one safely set up, say, a guest account and allow telnet login to it without > any danger to the system as a whole from unusual compromises of the telnet > protocol (if any)? I'm sure that allowing users check on system configuration files from remote SSH sessions can be proven to be kind of insecure, in a way or another. If the need for Telnet arises (someone who doesn't have an SSH client on their Windows box), I have set up a jail, and allow them to Telnet in the jail, or I insist on downloading an SSH client. > > ... only one user is in the `wheel' group (and is > > allowed to use su(1) to become root) and > > that is my own personal user account. > > Do you telnet or SSH on your own account? I'm sitting on the console of the only FreeBSD machine I have. No need to use SSH to connect to it. If this was not my workstation, and I had to remotely connect to it though, yes that would be the way. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011108154407.B2965>