Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 8 Nov 2001 15:44:07 +0200
From:      Giorgos Keramidas <charon@labs.gr>
To:        Anthony Atkielski <anthony@atkielski.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Re[2]: Tiny starter configuration for FreeBSD
Message-ID:  <20011108154407.B2965@hades.hell.gr>
In-Reply-To: <002801c1682c$818807b0$0a00000a@atkielski.com>
References:  <15330.6606.417524.41024@guru.mired.org><002b01c1635f$5a5f4300$0a00000a@atkielski.com> <15330.14419.809266.281360@guru.mired.org> <007e01c1636e$97016d10$0a00000a@atkielski.com> <20011108021537.E79276@hades.hell.gr> <002801c1682c$818807b0$0a00000a@atkielski.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, Nov 08, 2001 at 09:08:08AM +0100, Anthony Atkielski wrote:
> Giorgos writes:
> > I let people login as normal users on my workstation
> > from places like New Zealand, Australia or Canada ...
>
> Via telnet or SSH?

Using SSH.

> Is there any danger in allowing telnet login of unprivileged users on a system,
> apart from the possibility of compromise of the user's own account?  That is,
> can one safely set up, say, a guest account and allow telnet login to it without
> any danger to the system as a whole from unusual compromises of the telnet
> protocol (if any)?

I'm sure that allowing users check on system configuration files from
remote SSH sessions can be proven to be kind of insecure, in a way or
another.  If the need for Telnet arises (someone who doesn't have an
SSH client on their Windows box), I have set up a jail, and allow them
to Telnet in the jail, or I insist on downloading an SSH client.

> > ... only one user is in the `wheel' group (and is
> > allowed to use su(1) to become root) and
> > that is my own personal user account.
>
> Do you telnet or SSH on your own account?

I'm sitting on the console of the only FreeBSD machine I have.  No
need to use SSH to connect to it.  If this was not my workstation, and
I had to remotely connect to it though, yes that would be the way.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011108154407.B2965>