[H-GEN] Secure Telnet

Anthony Towns aj at azure.humbug.org.au
Sun Aug 22 06:29:57 EDT 1999 

On Sun, Aug 22, 1999 at 05:39:13PM +1000, Hilton Travis wrote:
> What SSH telnet clients are there available for the Windows platform (and
> also BeOS) that can telnet into a Linux SSH system?

Note that using ssh isn't the be-all and end-all of having a secure system,
especially after:

http://www.securityfocus.com/templates/forum_message.html?forum=2&head=32&id=32

(search for "Third week")

In particular, storing an ssh private key on a compromised system (or even
a non-compromised system whose sysadmin/s you don't implicitly trust) is
an obviously unwise thing to do. Less obviously, is noting that all the
little irritating bugs you hear about with Windows can be put together
to do more than just crash your system, or send irritating emails to
your friends, in almost completely undetectable ways.

Unfortunately, there are also heaps of irritating little bugs in RedHat,
and Debian and kin. Sure, they're fixed quickly, but if you're compromised
during that one day, one week, one month that you're vulnerable, it's already
too late.

*shudder*

Me, I've added so items to my todo list.

	* Reinstall blae (my laptop) and make *damn* sure no one cat connect
	  to it remotely. No telnet. No sshd. No exim. No apache. No finger.
	  identd running as nobody/nouser and chrooted, if I can damn well
	  manage it. Don't even think about plugging in a pcmcia card until
	  that's ensured.

	* Regenerate all my ssh keys. Regenerate all my pgp/gpg
	  keys. Don't *ever* type my passphrases anywhere but on my
	  laptop, and *never* tell either the private keys nor the
	  passphrases to any other machine.

	* Setup a one-time-password system for azure for both aj and root
	  (and possibly everyone else), and don't ever login except
	  via that or ssh.

And even then I'm going to shudder unhappily until Debian has had the same
auditing effort done as OpenBSD and similar.

> I am just about to sert up SSH here, and need to find a good telnet client
> for my Windoze boz.

ObTerminology: For an ssh server, you need an ssh client. Telnet clients
are for telnet servers. They perform similar jobs, but they're distinct
services.

> I hate the way the standard MS Telnet client fails to map the arrows
> properly - especially annoying in things like vi!!!

Among other things.

Cheers,
aj

-- 
Anthony Towns <aj at humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. PGP encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
        results in slower code, and it results in more bugs.''
                                        -- Linus Torvalds
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 434 bytes
Desc: not available
URL: <http://lists.humbug.org.au/pipermail/general/attachments/19990822/90569773/attachment.sig>

More information about the General mailing list