Date: Mon, 9 Oct 2000 00:55:54 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
To: Jordan Hubbard <jkh@winston.osd.bsdi.com>
Cc: Warner Losh <imp@village.org>, Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc inetd.conf
Message-ID: <200010090755.e997tsb02934@earth.backplane.com>
References: <521.971068411@winston.osd.bsdi.com>

:
:> We're kinda in a 'changing of the guard' situation in regards to
:> telnet, rsh, rcp, rlogin, versus ssh. And we have been for about a
:> year. The only thing holding the process up has been the patent issue
:> and that is now gone.
:
:I have to disagree on telnet, as much as I happen to also dislike telnet.
:
:Picture the following scenario: You're working at a data center
:setting up a dozen boxes in a rack and they are not as of yet on any
:public network, they're simply hooked to a hub/switch and can talk to
:one another and the windows laptop you have with you (since all the
:really colorful network sniff/trace software works under windows).
:You'd like to sit in the corner and use the laptop to log into each
:box to further configure it, and let's further say that your laptop
:just got Windows last week and is a pretty stock install.
:
:In the sterner new world you're describing, a whole bunch of extra
:work is now required to go find another network at that data center
:which talks to the outside so that something like putty can be
:located, downloaded and installed onto the Windows laptop so that it
:can talk to these boxes by default at all. Either that or you need to
:physically get to each box and turn telnetd back on again before you
:can log in. It seems like it's making things more complex than they
:need to be for an out-of-box configuration. If Windows and Macintosh
:boxes supported ssh clients out of the box, perhaps I'd feel
:differently.
:
:- Jordan

I'm trying to imagine someone setting up a bunch of UNIX
boxes in a rack using a windows laptop rather than a unix laptop...
and failing. Normally I assume that my network is insecure, even
if there are only UNIX boxes on it all under my control. Nobody
in their right mind assumes a LAN with windows boxes on it
to be even close to secure, so running telnet from a windows box
to configure a bunch of UNIX machines makes even less
sense than using the windows box (laptop) in the first place
instead of a UNIX laptop.

And also, in order to make telnet operate out of the box you have
to set up a password anyway. Anyone booting a UNIX box with
enough self-configuration to set up a password to telnet into
can just as easily generate self-configuration to set up
public and host keys and run sshd... and it's a hellofalot more secure.

I think we'd be saving sysops from themselves by making them
consider something other than telnet! I have not personally used
telnet in at least four years - not now, not at home, not at
BEST.

-Matt
