| 1 |
On Sat, 17 Jun 2006 23:45:43 +0200 |
| 2 |
Alexander Skwar wrote: |
| 3 |
|
| 4 |
> Mick wrote: |
| 5 |
> > On 17/06/06, Raymond Lewis Rebbeck <dystopianray@×××××.com> wrote: |
| 6 |
> > |
| 7 |
> >> You cannot use an ssh client in this manner. |
| 8 |
> >> |
| 9 |
> >> If you want a telnet client, emerge either netkit-telnetd or telnet-bsd. |
| 10 |
> > |
| 11 |
> > Thanks for all the replies. I had not emerged telnet so far because |
| 12 |
> > of potential security reasons. Is netcat better in that respect? |
| 13 |
> |
| 14 |
> I actually know of no security problems with telnet. To which |
| 15 |
> are you referring (note: telnet, not telnetd)? |
| 16 |
> |
| 17 |
> Alexander Skwar |
| 18 |
|
| 19 |
I think this thread needs clarification (not specifically you |
| 20 |
Aleaxander) |
| 21 |
|
| 22 |
The problem with the telnet is mainly plain text passwords - your login |
| 23 |
to a telnet server is plain text and easily snooped. |
| 24 |
|
| 25 |
But using telnet to connect to a smtp server or web server for testing |
| 26 |
purposes poses no threats. If you have to pass plain text credentials |
| 27 |
via telnet (eg to log in to a pop or imap server) then the risk is |
| 28 |
exactly the same as when your email client passes a plain text password |
| 29 |
to the imap or pop server. In both cases it can be snooped. |
| 30 |
|
| 31 |
If the service you want to log into is protected with an ssl wrapper |
| 32 |
then tuse the openssl program to log in. For example to connect to my |
| 33 |
imap server (from the same machine) |
| 34 |
|
| 35 |
openssl s_client -host localhost -port 993 |
| 36 |
|
| 37 |
openssl responds with a whole lot of info about the certificate and so |
| 38 |
on then you can type away just like a telnet session (but encrypted) |
| 39 |
|
| 40 |
eg: |
| 41 |
|
| 42 |
nick@www ~ $ openssl s_client -host localhost -port 993 |
| 43 |
|
| 44 |
(openssl spews out a whole lot of stuff about the certificate) |
| 45 |
|
| 46 |
Then the imap server's opening greeting: |
| 47 |
|
| 48 |
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information. |
| 49 |
|
| 50 |
Then I type (responses are marked >> for clarity: |
| 51 |
|
| 52 |
1 login nick xxxxxxxx |
| 53 |
>>1 OK LOGIN Ok. |
| 54 |
2 logout |
| 55 |
>>* BYE Courier-IMAP server shutting down |
| 56 |
>>2 OK LOGOUT completed |
| 57 |
|
| 58 |
|
| 59 |
This is exactly the exchange I get if I telnet to the non ssl port 143, |
| 60 |
except telnet to port 143: |
| 61 |
|
| 62 |
1. doesn't do a key exchange etc |
| 63 |
|
| 64 |
2. is plain text and snoopable. |
| 65 |
|
| 66 |
|
| 67 |
> -- |
| 68 |
> gentoo-user@g.o mailing list |
| 69 |
|
| 70 |
-- |
| 71 |
Nick Rout <nick@×××××××.nz> |
| 72 |
|
| 73 |
-- |
| 74 |
gentoo-user@g.o mailing list |
Archives