-
February 3rd, 2003, 01:53 AM
#1
Which to use?
Hi All, hopeing that someone out there in AO LAnd can clear something up for me.
I am trying to understand the differences both from a functionality perpsective as well as a security perspective between rlogin, shell and telnet.
I know that they are all remote command-line protocols, and that some are used for host-to-host communications. I have also read that using rlogin and shell can be considered possible security risks, but I cannot seem to find out why.
Any help would be appreciated.
SoggyBottom.
[glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]
-
February 3rd, 2003, 03:18 AM
#2
Here are a couple of links documenting the security vulnerabilities of each:
http://www.cert.org/advisories/CA-2001-35.html <-----this one is about ssh
http://www.cert.org/advisories/CA-1997-06.html <-------this one is about rlogin
http://www.cert.org/advisories/CA-1991-15.html <------this one is about telnet, and there are lots more where that came from.
Personally, I use SSH a lot, but I know the keys before I log in for the first time so I know I'm not being intercepted. After that, I'll trust only that key.
-
February 3rd, 2003, 04:37 AM
#3
thread_killer said enough
but use ssh instead of the above
-
February 3rd, 2003, 04:50 AM
#4
Thanks for your help peoples, but I am just trying to understand the differences in functionality between the three.
ie. what functionality does rlogin have that telnet doesnt?
SoggyBottom.
[glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]
-
February 3rd, 2003, 09:01 AM
#5
man page for rlogin: http://www.mkssoftware.com/docs/man1/rlogin.1.asp
telnet.org for info on telnet
i dunno, all i have ever heard about telnet is that its a lame protocol and very unsecure, possibly because of its lack of ssl...
ssh ownz though, there are so many factors that contribute to its ownage, that i cannot name them all. rlogin isnt very popular, because of its lack of functionality. same with telnet. ssh provides for many many functions.
-
February 3rd, 2003, 10:58 AM
#6
The vulnerabilities listed above are extremely old and have been fixed for quite a while. Generally rlogin and telnet have been found to be generally insecure. Rather than explain this myself, look here.
http://igloo.its.unimelb.edu.au/Webm.../msg00010.html
This site explains why these protocols are insecure. Lately ssh has been the protocol of choice due to its much enhanced security.
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is.
OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.
That is quoted from http://www.openssh.com
Wine maketh merry: but money answereth all things.
--Ecclesiastes 10:19
-
February 3rd, 2003, 10:14 PM
#7
Thanks all for your contributions. Looks like I got some reading to do...
SoggyBottom.
[glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]
-
February 4th, 2003, 12:41 PM
#8
.rhosts as well
AFAIK, rlogin, rsh, and other r servers would allow access based on hosts address, via .rhost configuration files. This allows spoofing attacks, where one might exploit the trust relationship between hosts. There is also (or used to be, don't know) the possibility of having a stealth shell with rsh.. now this is OLD! Apart from these two issues, you may add passwords in clear text, and probably some bugs, though I never payed much attention to r*. I would say that r* and security just don't mix well.. like oil and water
Telnet sends password in clear text as well, same issue. If it happens to use a host based authentication as well, I must admit I didn't know. I think it doesn't. Connecting to port 23 then means logging in that machine, and exchanging messages according to telnet protocol, which defines a network virtual terminal.
SSH is far more secure. If you download openssh, you will also get scp and sftp for the same price.. wait, it's free anyway! As already said, it offers encryption and is more reliable. A few bugs were found, but they are fixed now.
Found in a diary:
\".... and yes, since i am a l337 hax0r, i am also using vi to write this. ^[[D^[[B^ exit ^X^C quit :x :wq dang it :w:w:w :x ^C^C^Z^D\"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|