Re: Putting together a server/network...
On Sat, 3 November 2001 A.D., Dr. Evil wrote:
> > > Just out of curiosity, on a fully switched LAN why is telnet a bad
> > > thing?
> You don't understand: I don't have to tell you why telnet is a bad
> thing. You have to tell me why it's a good thing. If you can't
> explain to me what advantage it has over a more secure protocol such
> as ssh, which provides exactly the same functionality to the user,
> then you shouldn't be using it.
One very important advantage of telnet over ssh is that it doesn't
require the user to have an ssh client. I'm not advocating the use
of telnet over ssh for everyday user logins, but I'm simply pointing out
that not every interactive session is worth encrypting. One example
that you will probably dismiss as "atypical"-- many libraries with
computerized card catalogs have a guest login (accessed via telnet)
which allows anyone to do title and author searches. Ssh is of no
utility in this case, and it's even a detriment, because it raises
the bar of what's required to use the service. And there are plenty
of other possibilities here, not to mention the fact that you can use telnet
over IPsec (or a lower layer of network crypto) and be perfectly secure
from eavesdropping and session hijacking. Ssh does have a higher amount
of overhead than telnet, both in terms of CPU utilization and general
administrivia (that's more an issue if you make heavy use of the extra
features, key authentication, etc.)
All that being said, rah rah, ssh everywhere. It's a nice tool, and
the average login session *should* be encrypted. But telnet has its
uses, just like ftp has its uses regardless of sftp's existence (example:
an anonymous file drop box). Just try not to let the 'crypto everything'
dogma blind you from seeing the broad perspective. It isn't the answer
to everything. You can use unencrypted protocols foolishly, just like
you can (and people do) use ssh foolishly.
===
"The problem with people whose minds are in the gutter is that they keep
blocking my periscope."
- Peter Gutmann