[ale] telnet -- Just Say NO!
Chris Fowler
cfowler at outpostsentinel.com
Thu Jan 24 18:36:21 EST 2002
telnet is not a bad protocol. It is a protcol that has served us well and
is just a little behind the times. Besides if it were'nt for these fast
PC's everyone would still be using telnet.
If you do not want toy use it, disable it in xinetd.d/telnet configuration
files.
You can also block access on that port using ipchains or iptables.
-----Original Message-----
From: Ken Kennedy [mailto:kkennedy at kenzoid.com]
To: ale at ale.org
Sent: Thursday, January 24, 2002 6:29 PM
To: ale at ale.org
Subject: Re: [ale] telnet -- Just Say NO!
On Thu, Jan 24, 2002 at 02:55:09PM -0800, Stephen Turner wrote:
> well see i like linux *grin* but i got a problem. im
> wasteing time off places when i could be working on my
> linux box, ive got a default install of bare woody and
> im on adelphia cable modem (runs dhcp) any help
> telnetting into my system would be great :)
>
I assume you mean telnetting INTO your box from elsewhere (ie,
somewhere on the public Internet)? Let's Not Do That. The telnet
protocol passes your username, password, and all traffic unencrypted
over the network. BAAADDD protocol. Bad. *smack*
SSH is much more secure. Encrypted traffic, challenge-response login
(at the minimum), slices, dices, low-fat. Whole nine yards.
Let's remove telnet first...not that they can't live together, but if
the linux box is the one connected to the cable modem, let's minimize
your target signature, eh?
Since you're using Debian (yay!):
(as root)
apt-get remove telnetd
apt-get install ssh
If ssh isn't already installed, it'll install. During the
configuration, it'll ask "Do you want to run the ssh server?". Choose
Yes. That'll install and start the server, as well as install the
client software.
If the 'apt-get install ssh' returns:
"Sorry, ssh is already the newest version.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not
upgraded."
then it's already installed. To make sure that the server piece is
started, run:
dpkg-reconfigure ssh
This'll run through the configuration options again. The option that
you have currently set is the default, so you can just hit Enter until
you reach the "Do you want to run the ssh server?" question. Make sure
you choose Yes there. After configuration, your box will start (or
restart) the ssh server daemon.
You're good to go then, in terms of the box being set up. You'll need
a) a client app for wherever you're connecting from (what OS is
that?)
b) make sure that ssh requests (port 22) are making it to your box
(you could have a firewall software, or packet filtering blocking the
port)
c) know what your name/address is (does your ISP use DHCP? Oh, that's
right, you said it did...*grin*)) You should be able to use ifconfig
to see your interface settings).
I realize I blew through those last points, but I don't what level of
help you want/need there. Feel free to ask for clarification.
Ken
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list