[HECnet] Telnet/SSH attacks
Brian Schenkenberger, VAXman-
system at TMESIS.COM
Wed Nov 27 09:13:45 PST 2013
Dave McGuire <mcguire at neurotica.com> writes:
On 11/27/2013 11:26 AM, Ian McLaughlin wrote:
Encrypted telent? I am intrigued...
The Telnet protocol itself isn't encrypted - passwords are in
cleartext. Running telnet inside an SSH tunnel is different...
Why would you when you've already got a secure communications channel
established?
I routinely use port forwarding through an ssh tunnel and, in most of
the cases, this is essentially telnet on an alternate port (eg. SMTP,
POP) but there are other protocols (eg. SQL) which are not so telnet
like in their implementation which can benefit from ssh tunneling.
The Telnet protocol itself makes no promises about the presence OR
absence of encryption, and it has a very flexible do/don't/will/won't
option negotiation protocol. Kerberos-enabled telnet, in particular,
allows for automatic authentication and/or stream encryption, with
either enabled or disabled on an invocation-by-invocation basis.
Kerberos-enabled telnet doesn't work unless the target is setup to and
willing to provide for it. I have no knowledge of how Sampsa has his
configured but from the initial discussion, I'd doubt that Kerberos is
involved.
This is far from new. I have been using it for over twenty years.
It's certainly not new. ;)
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
More information about the Hecnet-list
mailing list