Date:      Thu, 2 Mar 1995 13:15:34 +1000 (EST)
From:      Gary Roberts <gary@wcs.uq.oz.au>
To:        mark@grondar.za (Mark Murray)
Cc:        hackers@FreeBSD.org
Subject:   Re: key exchange for rlogin/telnet services?
Message-ID:  <9503020315.AA20808@wcs.uq.edu.au>
In-Reply-To: <199503011535.RAA12611@grunt.grondar.za> from "Mark Murray" at Mar 1, 95 05:35:19 pm

Mark Murray writes:
> 
> > For non-US readers, there are sources of encrypting telnet on ftp.funet.fi
> > in /pub/unix/security/telnet/
> 
> It is in the non-US secure dist available in
> ftp://skeleton.mikom.csir.co.za/pub/FreeBSD/FreeBSD-current/<somewhere>

I've followed this thread right from Jordan's original query about
encrypting the whole session.  Some responses have suggested that you
only need to encrypt the password passing stage.  Jordan was worried
about the password being sniffed during an `su' if I recall correctly.

If you are linking to a remote server from a single user box (i.e. you and
root are the only entries with shells in the password file) with tcp
wrappers applied at both ends and the server machine having a very
restricted user base as well (five very trusted users), is it safe to
use the `hosts.equiv' mechanism to allow rlogins without passwords?

My (possibly naive) reasoning is that if you are not passing a password
then it can't be sniffed.  I guess I won't be surprised to see someone
highlighting other dangers that this approach causes but as I don't
understand the subtleties of security issues, I thought I'd ask and see
what howls of despair are unleashed :->.

Cheers,
-- 
Gary Roberts  (gary@wcs.uq.edu.au) (Ph +617 844 0400   Fax +617 844 0444)
4th Floor, South Bank House, 234 Grey St, South Bank  QLD 4101  Australia.


