Which to use?
Results 1 to 8 of 8

Thread: Which to use?

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    371

    Which to use?

    Hi All, hopeing that someone out there in AO LAnd can clear something up for me.

    I am trying to understand the differences both from a functionality perpsective as well as a security perspective between rlogin, shell and telnet.

    I know that they are all remote command-line protocols, and that some are used for host-to-host communications. I have also read that using rlogin and shell can be considered possible security risks, but I cannot seem to find out why.

    Any help would be appreciated.
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    Here are a couple of links documenting the security vulnerabilities of each:

    http://www.cert.org/advisories/CA-2001-35.html <-----this one is about ssh

    http://www.cert.org/advisories/CA-1997-06.html <-------this one is about rlogin

    http://www.cert.org/advisories/CA-1991-15.html <------this one is about telnet, and there are lots more where that came from.



    Personally, I use SSH a lot, but I know the keys before I log in for the first time so I know I'm not being intercepted. After that, I'll trust only that key.

  3. #3
    Banned
    Join Date
    Dec 2002
    Posts
    394
    thread_killer said enough

    but use ssh instead of the above

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Thanks for your help peoples, but I am just trying to understand the differences in functionality between the three.

    ie. what functionality does rlogin have that telnet doesnt?
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  5. #5
    er0k
    Guest
    man page for rlogin: http://www.mkssoftware.com/docs/man1/rlogin.1.asp

    telnet.org for info on telnet

    i dunno, all i have ever heard about telnet is that its a lame protocol and very unsecure, possibly because of its lack of ssl...

    ssh ownz though, there are so many factors that contribute to its ownage, that i cannot name them all. rlogin isnt very popular, because of its lack of functionality. same with telnet. ssh provides for many many functions.

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    689
    Originally posted here by thread_killer
    Here are a couple of links documenting the security vulnerabilities of each:

    http://www.cert.org/advisories/CA-2001-35.html <-----this one is about ssh

    http://www.cert.org/advisories/CA-1997-06.html <-------this one is about rlogin

    http://www.cert.org/advisories/CA-1991-15.html <------this one is about telnet, and there are lots more where that came from.



    Personally, I use SSH a lot, but I know the keys before I log in for the first time so I know I'm not being intercepted. After that, I'll trust only that key.
    The vulnerabilities listed above are extremely old and have been fixed for quite a while. Generally rlogin and telnet have been found to be generally insecure. Rather than explain this myself, look here.

    http://igloo.its.unimelb.edu.au/Webm.../msg00010.html

    This site explains why these protocols are insecure. Lately ssh has been the protocol of choice due to its much enhanced security.

    OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is.

    OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.
    That is quoted from http://www.openssh.com
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Thanks all for your contributions. Looks like I got some reading to do...
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  8. #8
    Member
    Join Date
    Dec 2002
    Posts
    88

    .rhosts as well

    AFAIK, rlogin, rsh, and other r servers would allow access based on hosts address, via .rhost configuration files. This allows spoofing attacks, where one might exploit the trust relationship between hosts. There is also (or used to be, don't know) the possibility of having a stealth shell with rsh.. now this is OLD! Apart from these two issues, you may add passwords in clear text, and probably some bugs, though I never payed much attention to r*. I would say that r* and security just don't mix well.. like oil and water

    Telnet sends password in clear text as well, same issue. If it happens to use a host based authentication as well, I must admit I didn't know. I think it doesn't. Connecting to port 23 then means logging in that machine, and exchanging messages according to telnet protocol, which defines a network virtual terminal.

    SSH is far more secure. If you download openssh, you will also get scp and sftp for the same price.. wait, it's free anyway! As already said, it offers encryption and is more reliable. A few bugs were found, but they are fixed now.

    Found in a diary:
    \".... and yes, since i am a l337 hax0r, i am also using vi to write this. ^[[D^[[B^ exit ^X^C quit :x :wq dang it :w:w:w :x ^C^C^Z^D\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •