Can someone please tell me the difference?
Also, in the "1st Little Steps" how-to, it says to enable SSH and root and disable telnet. But telnet seems so easy? Does this assume that there is risk involved with no username/pw for telnet? What's the difference between enabling root on SSH and having no pw for telnet? Aren't they both vulnerable?
Is it possible to keep both open?
Thanks guys
Mike
bound4h wrote:
Can someone please tell me the difference?
Like telnet, SSH offers remote terminal access to your device. SSH comes with additional features:
- Authentication + Encryption
- "Tunneling" features, for example, to access services remotely
- File browsing, thanks to SFTP
- ...
But to access your device, as Windows does not have a native SSH client, you need to use "putty" for Windows.
Does this assume that there is risk involved with no username/pw for telnet?
Yes, because if somebody can telnet to your device, they can do everything (malicious) with it.
What's the difference between enabling root on SSH and having no pw for telnet? Aren't they both vulnerable?
It's the same ... But SSH is more secure, since traffic (and login + password) is encrypted.
Is it possible to keep both open?
Yes, because telnet uses (by default) TCP port 23, and SSH TCP port 22.
One piece of advice: it would be better to change the default TCP port if you plan to make your SSH server available on the Internet.
Hope I haven't written too many mistakes ;-)
Last edited by Electrocut (2010-04-12 22:31:27)
Thank you for the writeup.
I am using Mac OSX Snow Leopard, so I believe I can just use ssh, right?
Also, can I use ssh (using a Mac) from any computer on the network as long as I know the username/pw? It's not IP specific or anything like that, right?
It seems like both are just command line port tools, so SSH just seems like a better option.
Thanks
I think that the above post is accurate, but a lot depends on your situation.
If you have your DNS on a closed network, behind a NAT router that provides your Internet connection, then there is no way that someone on the outside Internet can connect to your DNS via Telnet unless you forward the Telnet port to your DNS box in the router. The router simply does not forward Telnet traffic on port 23 to your DNS unless you tell it to. You could make sure that you are not forwarding port 23 to the DNS and leave telnet on without worrying about someone from the outside logging into the DNS with telnet. Set up the router to forward ssh port 22 to the DNS if you wanted to login from the outside.
On your internal network, behind the NAT router or firewall, any machine on that internal network could telnet to your DNS. If you are the only one on this internal network, then there are probably no worries. But if you have other users on the internal network that might get in there, then you might want to disable telnet.
I also like the suggestion of changing the default port for SSH. I've done that. It helps keep away port-scanners and password crackers. There's also less risk of problems if you've made some config error. I suppose you could get even tougher and set up ssh keys. After the keys are working, disable the password authentication.
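An added example, not part of the thread: a small check of an OpenSSH-style `sshd_config` against the suggestions in the last post (non-default port, keys working, password authentication off). It assumes the box runs OpenSSH `sshd`; the function names and both sample configs are constructed for illustration.

```python
# Added example: audit global sshd_config options (OpenSSH format assumed).
def effective_settings(config_text):
    """Return {keyword: [values]} for options outside any Match block."""
    settings = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or comment
        keyword = parts[0].lower()        # keywords are case-insensitive
        value = parts[1].lower() if len(parts) > 1 else ""
        if keyword == "match":
            break                         # later options are conditional
        if keyword == "port":
            settings.setdefault("port", []).append(value)  # Port may repeat
        else:
            settings.setdefault(keyword, [value])  # first value seen wins
    return settings

def audit(config_text):
    """List the findings that the thread's advice would address."""
    s = effective_settings(config_text)
    findings = []
    if "22" in s.get("port", ["22"]):               # unset means port 22
        findings.append("listening on default port 22")
    if s.get("passwordauthentication", ["yes"])[0] != "no":  # unset means yes
        findings.append("password authentication enabled")
    if s.get("pubkeyauthentication", ["yes"])[0] == "no":
        findings.append("public key authentication disabled")
    if s.get("permitrootlogin", [""])[0] == "yes":
        findings.append("root login permitted by any enabled method")
    return findings

# Constructed sample configs, not taken from any real device.
BEFORE = """# constructed sample
PermitRootLogin yes
"""
AFTER = """# constructed sample
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin without-password
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(text) or "no findings")
```

Only turn off `PasswordAuthentication` after a key login has been confirmed to work, as the post says, or the remaining way in may be telnet.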