On Thu, 22 May 1997, Kevin Traas wrote:

> When trying to telnet into a Debian GNU/Linux system I set up, I get the
> following:
> 
> sally# telnet ross
> Trying x.y.z.193...
> Connected to ross.
> Escape character is '^]'.
> <there is a 10-15 second pause here.... then>
> Connection closed by foreign host.
> sally#

Eloy Paris <[EMAIL PROTECTED]> has already suggested that it
might be tcpd's security blocking access (/etc/hosts.deny has "ALL:
PARANOID" which prevents access from machines whose in-addr.arpa reverse
lookup doesn't match its hostname).

I agree - that is most likely the cause of the 'problem' -- "it's a
feature, not a bug" :-).

The solution he posted should fix that.

> This system is pretty much a default installation. I don't
> remember having done anything to refuse connections - at least not
> intentionally. The only way for me to administrate this system is
> remotely.... The system is locked in a tiny room about 30 miles away
> from my office.

IF you are connecting to this machine over the internet, then you
shouldn't be using plain old telnet anyway....you never know who might
be snooping on packets looking for passwords.

there are two secure(*), encrypted alternatives:

1.  install ssl-telnet on both machines.  This replaces telnet and telnetd
    (it is still compatible with non-ssl versions, though)

    ssltelnet depends on the ssleay package.

2.  install ssh on both machines.  This is a replacement for rsh, rcp, and
    other 'r' programs. I much prefer this to ssltelnet....in fact, i
    hardly use telnet at all these days (i only use ssltelnet to upgrade
    ssh on remote machines - ssh runs as a daemon, not out of inetd so
    upgrading the ssh package kills your current session. There are
    good reasons to run it like this so i'm not sure if this should be
    reported as a bug or not.)

    ssh depends on zlib1.

I recommend installing BOTH packages.

Both packages are subject to US export restrictions, so they are not
available from the main debian ftp site. You can get them (and the ssleay
package) from the debian-non-US site in Germany: 

    ftp://os.inf.tu-dresden.de:/pub/debian-non-US/

There are several mirrors of this site.  Look in the README.non-us file on
ftp.debian.org for a list.

While you're there, pick up a copy of PGP too.

(*) even "secure" programs are compromisable if you use them carelessly.
these are no magic panacea for security problems - they work best if you
read the documentation and understand what they're doing, why they're doing
it, and how they work.

craig

--
craig sanders
networking consultant                  Available for casual or contract
temporary autonomous zone              system administration tasks.
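
The name/address consistency test behind the "ALL: PARANOID" rule discussed in the message above can be reproduced as a diagnostic. This is an added example, not code from the thread or from tcpd; the sample DNS tables, host names under example.com, and the function names are constructed, and reporting a missing PTR record separately as "unknown" is an assumption of this sketch.

```python
import socket

# Constructed sample DNS data (documentation address range), not from the thread.
PTR = {"192.0.2.10": "sally.example.com", "192.0.2.20": "ross.example.com",
       "192.0.2.30": "ghost.example.com"}
A = {"sally.example.com": ["192.0.2.10"], "ross.example.com": ["192.0.2.99"]}

def fake_reverse(ip):
    """Offline stand-in for a PTR lookup against the constructed table."""
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

def fake_forward(name):
    """Offline stand-in for an A lookup against the constructed table."""
    if name not in A:
        raise OSError("no A record")
    return A[name]

def live_reverse(ip):
    """Real reverse lookup: address -> primary host name."""
    return socket.gethostbyaddr(ip)[0]

def live_forward(name):
    """Real forward lookup: host name -> list of IPv4 addresses."""
    return socket.gethostbyname_ex(name)[2]

def classify(ip, reverse=live_reverse, forward=live_forward):
    """Return (verdict, detail) for a client address.

    'ok'       reverse name resolves back to the same address
    'paranoid' a reverse name exists but does not map back to the address
    'unknown'  no reverse name at all (assumption: reported separately)
    """
    try:
        name = reverse(ip)
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return "unknown", f"{ip} has no reverse (PTR) name"
    try:
        addrs = forward(name)
    except OSError:
        return "paranoid", f"{ip} -> {name}, but {name} does not resolve"
    if ip not in addrs:
        return "paranoid", f"{ip} -> {name}, but {name} -> {', '.join(addrs)}"
    return "ok", f"{ip} <-> {name}"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        verdict, detail = classify(ip, fake_reverse, fake_forward)
        print(f"{verdict:8} {detail}")
```

Calling `classify(client_ip)` with the default resolvers performs real lookups; run it on the server being connected to, since only the answers that machine's resolver returns decide the outcome.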

