Hi guys, I've just installed SuSE Linux 7.1 on my machine, which is networked, and a friend of mine told me that I should disable telnet and use ssh instead, but the question is how? Can anybody help me?
:confused:
First: Under Suse Linux I don't have the exact steps to take, but you need to disable telnetd and enable sshd. Also, you'll want to head over to somewhere like rootshell.com (are they still around? The page was down all today. :( ) or ... the Suse site, and grab the latest SSH daemon. There were problems with buffer overflows in prior versions.
Second: Is this a good idea? Yes. But why? The idea behind this is quite simple: under telnet, a user logs in, then puts in their password ... IN PLAINTEXT! (en clair). So - over a network with a card in promiscuous mode ... you see where this is going. Under ssh, this goes down the wire encrypted (MD5, CAST (I think), PKI, etc, etc). AND you can get a windows client for it!
So - as far as I see it, it's a win-win situation. I wanted to give some background so that you're not just groping around in the dark blindly.
Let me know if this helps.
:)
~N~
Nietzsche is correct on this one. SSH is the only way to go as far as communication on the internet through telnet related traffic. Telnet, rsync, rsh, rcp, and others are plaintext over the net so it's nothing for a sniffer to grab passwords, user accounts, etc...
Telnet runs on port 23 while sshd runs on port 22. Your client has to support ssh so other than telnetting to port 22 just to see if it works, it's not going to secure correctly and won't work. As for shutting down telnet, if SuSe is like unix, you do the following:
1: edit /etc/inetd.conf and comment (# at the beginning) out the lines that have telnet listed.
2: edit /etc/services and do the same thing.
3: restart inetd (ps -ef | grep '[i]netd' | awk '{ print $2 }' | xargs kill -HUP)
If there's a graphical "setup" that SuSe uses, like linuxconf for RH, go through there and disable telnet.
When you start up sshd, it'll automatically connect to port 22 and you're open for business, outside of putting it in as a service in /etc/services and /etc/inetd.conf and adding a startup script (which should come with your version) so that it starts up at boot time.
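The inetd.conf step from the post above as a script: an added example, not code from any poster in this thread. It lists the active entries in an inetd.conf-style file and comments out the named cleartext services, keeping a backup. The sample file, the server paths in it and the function names are constructed for illustration; `shell` and `login` are the inetd service names for rsh and rlogin.

```shell
#!/bin/sh
# Audit and disable cleartext services in an inetd.conf-style file.

# Print the service name of every active (uncommented) entry.
active_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Comment out every active entry whose service name is listed.
# Usage: disable_services FILE service...
disable_services() {
    file=$1; shift
    cp -p "$file" "$file.bak" || return 1   # keep a backup of the original
    awk -v list="$*" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        !/^[ \t]*#/ && ($1 in off) { print "#" $0; next }
        { print }
    ' "$file.bak" > "$file"
}

# Constructed sample in the classic inetd.conf layout (not from a real host).
make_sample() {
    cat > "$1" <<'EOF'
# service  socket  proto  wait    user    server          args
ftp        stream  tcp    nowait  root    /usr/sbin/tcpd  in.ftpd
telnet     stream  tcp    nowait  root    /usr/sbin/tcpd  in.telnetd
shell      stream  tcp    nowait  root    /usr/sbin/tcpd  in.rshd -L
login      stream  tcp    nowait  root    /usr/sbin/tcpd  in.rlogind
#finger    stream  tcp    nowait  nobody  /usr/sbin/tcpd  in.fingerd
time       stream  tcp    nowait  root    internal
EOF
}

# Run against a temporary copy and print what is still enabled afterwards.
demo() {
    conf=$(mktemp) || return 1
    make_sample "$conf"
    disable_services "$conf" telnet shell login
    active_services "$conf" | paste -s -d ' ' -
    rm -f "$conf" "$conf.bak"
}

demo   # prints: ftp time
```

The running inetd only picks up the change after the HUP in step 3. The remaining `ftp` entry in the sample is also a cleartext-password service and is left enabled here only to show that unlisted entries are untouched.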
Thanks for the implicit vote of confidence. :) Here's something, though ... I'm running an ip-only version of IOS on a router back here. I don't think it has an ssh daemon on it. I have a newer ipsec56 (read: vpn) IOS version which I have not really played with too much. Would anyone happen to know off the top of their head of an IOS build that *can* support an ssh daemon so that I don't have to either telnet or vpn into the router? If anyone's interested, I am running IOS 12.1(6). Sure, I *could* head to Cisco and read docs, but I'm burnt out from a full day of flying. :D
Quote:
Nietzsche is correct on this one. SSH is the only way to go as far as communication on the internet through telnet related traffic.
Thanks again -
~N~
BTW, Vorlin - very nice post.
You're welcome for the vote of confidence :D. I'd rather give someone else credit for their posts rather than just look like I copied/pasted their stuff and reworded it.
Quote:
Originally posted by nietzsche
Would anyone happen to know off the top of their head of an IOS build that *can* support an ssh daemon so that I don't have to either telnet or vpn into the router?
As for IOS 12.1 version supporting SSH, version 12.05 supported it so I'm fairly certain yours can too. I found some info here in concern with ssh vulnerabilities, as well as some info here in concern with IOS information (version 12.05). Hope this helps some as I just found it with google (if that's not the best search engine...).
From a shell (or a terminal) start zast or yast (SuSE configuration tool).
Quote:
Originally posted by stem
Hi guys, I've just installed SuSE Linux 7.1 on my machine, which is networked, and a friend of mine told me that I should disable telnet and use ssh instead, but the question is how? Can anybody help me? :confused:
1. Start the package tool (in SuSE 7.3 named "package management").
2. Go to change or create configuration.
3. Go to "sec" security related software.
4. Add package OpenSSH.
5. Press F10 to save.
6. Press F10 to save (again).
7. Go to Start installation.
8. After installation, press Esc until the package manager starts to update your configuration, then afterwards exit YaST.
Restart the server so that all keys automatically will be created for you (easiest way) :D.
Quote:
Originally posted by Vorlin
1: edit /etc/inetd.conf and comment (# at the beginning) out the lines that have telnet listed.
2: edit /etc/services and do the same thing.
Hope this will help..