SSH/telnet option question


#1

When you select the shell access for a user, are you just enabling ssh or is it both ssh and telnet? I’d prefer to not have telnet, but need ssh.


#2

Both are activated if you choose that option.
Nothing you can do to disable telnet I’m afraid.

I’m not even sure why DH offers telnet access. It’s quite stupid and very insecure :confused:


#3

Maybe I am missing something here, but my understanding is that Telnet is considered insecure due to the data-flow being unencrypted, which (to me at least) would only make it a security risk if you actually use it. Just having Telnet enabled wouldn’t seem to present much of an extra security risk, as an attacker would still require valid user credentials to log-in.

As I said, maybe I am missing something and there is some inherent security risk involved with having Telnet access enabled (but not used). If so, could someone please educate me. :slight_smile:

Mark


Save $50 on DreamHost plans using PRICESLASH promo code


#4

Any port open is a risk but telnet on Linux is reasonably safe. Safe enough that DH, the guys that would have to fix it, trusts it.

Wholly - Use promo code WhollyMindless for full 97$ credit. Let me know if you want something else!


#5

Yeah, I understand the fact that any port that has an application actively listening for connections is a potential attack vector, but, as you said, the Telnet application has been around a long time and I’d imagine any serious vulnerabilities were fixed long ago.

Mark




#6

Unfortunately Telnet has some very basic founding flaws that simply aren’t acceptable for anyone who is even remotely interested in securing their data and communication through the internet (especially if you’re storing personal info in your home directory or website).

I’ll point you to the wiki article as a starting point on some of the basic flaws in telnet (that still exist today): http://en.wikipedia.org/wiki/TELNET

It also mentions the SASL/TLS plug-ins, though I’m unaware of those being available for DH’s telnet sessions (based on a Google search anyways). The basic telnet authentication provided by MS Windows 2k I know is easily exploited. There are even programs available that will allow you to brute force your way into your own server, just to see how insecure it really is.

Anyways, while I’m sure the “DH Guys” have some mechanism in place to prevent such brute force logins, I find providing such insecure access to be very unusual among web providers these days. That is, those who even offer it. It’s like spreading or promoting ignorance, and I just can’t accept that.


#7

True, but if they took it away they could have more trouble with ignorant customers.

If you’re as concerned about security as much as it appears, shared servers should scare the living hell out of you.

But you’re welcome on my servers anytime.

Wholly


#8

I don’t host any important/personal info on my site really (at least nothing of value), so I’m not concerned over that myself.
I’ve just noticed several “Businesses” run their websites here, and I can just see, as a web host, allowing some of them to access their data through telnet as more than just potentially hazardous. Especially when you consider what kind of passwords those types of people will generally use… lol.

I just think disabling it entirely would be a way of protecting people from themselves… but ah well.
I haven’t seen any reports of it ever having been an issue here, which is a good thing :slight_smile:
(Though I also assume many people don’t use it either :stuck_out_tongue: )


#9

The nice thing about it is that generally if a username and password are compromised, only that user’s information is in danger. I agree that there are some exploits that can get through but I am pretty certain that DH has most of those worked out (since my server hasn’t been compromised in more than a year and another hosting company had two break compromises on my server in 6 months.)

Wholly