February 22nd, 2003, 08:13 PM
Why use Telnet or FTP?
My local linux group has a main admin who has signed everyone up for something called unix tips, they come everyday and this one is called: Lock Down Telnet or FTP
My question is, why run these services when passwords are not encrypted? The liability is too great.
UNIX GURU UNIVERSE
UNIX HOT TIP
Unix Tip 1879 - February 22, 2003
LOCK DOWN TELNET OR FTP
When inbound access isn't required into
a system deny users Telnet or FTP access
do the following:
Comment the line starts with Telnet or
FTP. Save the file and exit.
Stop and start the inetd daemon now by
(Your flavor may be /etc/init.d)
Now on nobody can telnet or FTP to your
server from outside network.
This tip generously supported by: xxxxxxxxxxxxxxxxxx
February 22nd, 2003, 08:21 PM
IMHO there really isint much of a reason to use telnet, because as you said it sends its passwords and everything else unencrypted, unless perhaps you were running a honeypot, but thats a different story altogether. As far as FTP goes, its pretty useful if you have to move large files around, though I don't think I would go with a standard FTPd, instead I would pick something like VsFTPd.
You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
February 22nd, 2003, 09:24 PM
Common sence should tell you to use SSH or sFTP to access a server. However, its not always a solution. Let say you have a webserver with frontpage extentions. Microsoft makes it easiser for you to connect through port 80 unencrypted. Although frontpage extentions have alot of secuity issues. The common guy will still use it to connect to his server.
February 23rd, 2003, 12:25 AM
Since the question is 'why use telnet or ftp ?'
Ftp still is used alot, if you have not used it you have not been around.
Telnet is a remainder off the old days where only the server had the power to process difficult jobs. It is quite hard to unbuild this from a stack of protocols like TCP/IP.
You can offcourse disable the service if you do not use it, there are more secure ways to remotely control a computer nowadays. Just remember that the securer ways would not have been here if the insecure way was not invented first. In the old days you had less worries about someone trying to steal a plaintext password. There were mischievious people who you had to take account for but in the begining of the net security was not the primary concern.
Hope this answers your question.
February 23rd, 2003, 01:26 AM
I personally do not run either of these services. I use ssh for remote login and scp for remote file transfers. The university I attend also does this, at least within the computer science department.
Ben Franklin said it best. \"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.\"