[Hudlug] Securing telnet

Chris Wood chris at thesprocket.org
Fri Sep 26 09:15:46 BST 2003


On Fri, 2003-09-26 at 08:24, Simon Fox-Jones wrote:
> Can anyone tell me if there is a way of securing telnet against outside
> machines but still allow one in.
> 

Use openssh instead of telnet, and make sure you disable 'password
auth', forcing the connecting user to submit a suitable public key.

By doing this you don't really need to worry about having to selectively
firewall - you can let port 22 (ssh) through for all external IPs and
still be confident that you are very unlikely indeed(*) to get cracked.

Block port 23 (telnet) on the firewall and don't enable telnet as a
daemon on your server.

C.
(*) I know there have been some security holes found in openssh over the
last few weeks, but it's still by far the safest way to allow shell
connection to your machines. With ssh, unless you present a suitable
public key when contacting the server, the server won't talk to you -
you don't even get prompted for a username.
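
An added example, not part of the original post: a check that a given sshd_config really does refuse password logins, as the reply recommends. The function names and the sample configs are constructed for illustration; it assumes the stock OpenSSH defaults of `yes` for each keyword checked.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for key-only login.
# sshd uses the FIRST occurrence of a keyword; keywords are case-insensitive.
# Not handled here: Include files and Match blocks (parsing stops at the first Match).

# effective_value FILE "KEYWORD [ALIAS...]" DEFAULT -> prints the effective value
effective_value() {
    awk -v names="$2" -v def="$3" '
        BEGIN { n = split(tolower(names), a, " ")
                for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^[ \t]*(#|$)/           { next }        # comment or blank line
        tolower($1) == "match"   { exit }        # end of global section
        (tolower($1) in want)    { print tolower($2); found = 1; exit }
        END { if (!found) print def }            # keyword absent: built-in default
    ' "$1"
}

# audit_key_only FILE -> prints "OK" or "FAIL: <keywords>"; returns 1 on failure
audit_key_only() {
    bad=""
    [ "$(effective_value "$1" "PasswordAuthentication" yes)" = no ] ||
        bad="$bad PasswordAuthentication"
    # keyboard-interactive can still ask for a password (e.g. via PAM)
    [ "$(effective_value "$1" "KbdInteractiveAuthentication ChallengeResponseAuthentication" yes)" = no ] ||
        bad="$bad KbdInteractiveAuthentication"
    [ "$(effective_value "$1" "PubkeyAuthentication" yes)" = yes ] ||
        bad="$bad PubkeyAuthentication"
    if [ -z "$bad" ]; then echo "OK"; else echo "FAIL:$bad"; return 1; fi
}

# Constructed sample configs (not from the original post).
sample_weak() {    # a later "no" does not override the earlier "yes"
    printf '%s\n' '# shipped default' 'PasswordAuthentication yes' \
        'ChallengeResponseAuthentication no' 'passwordauthentication no'
}
sample_hardened() {
    printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        'KbdInteractiveAuthentication no'
}

# Demo: audit both samples from temporary files.
for s in sample_weak sample_hardened; do
    f=$(mktemp) && "$s" > "$f"
    printf '%s: %s\n' "$s" "$(audit_key_only "$f")"
    rm -f "$f"
done
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, which also covers Include files that this parser skips.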



